Abstract. In this article we develop a max-strategy improvement algorithm
for computing least fixpoints of operators on $\overline{\mathbb{R}}^n$ (with
$\overline{\mathbb{R}} := \mathbb{R} \cup \{\pm\infty\}$) that are point-wise maxima of
finitely many monotone and order-concave operators. Computing the uniquely
determined least fixpoint of such operators is a problem that occurs frequently
in the context of numerical program/systems verification/analysis. As an example
for an application we discuss how our algorithm can be applied to compute
numerical invariants of programs by abstract interpretation based on
quadratic templates.

1 Introduction 
1.1 Motivation 

Finding tight invariants for a given program or system is crucial for many
applications related to program respectively system verification. Examples include
linear recursive filters and numerical integration schemes. Abstract
Interpretation as introduced by Cousot and Cousot [4] reduces the problem of finding tight
invariants to the problem of finding the uniquely determined least fixpoint of a
monotone operator. In this article, we consider the problem of inferring
numerical invariants using abstract domains that are based on templates. That is, in
addition to the program or system we want to analyze, a set of templates is
given. These templates are arithmetic expressions in the program/system
variables. The goal then is to compute small safe upper bounds on these templates.
We may, for instance, be interested in computing a safe upper bound on the
difference $x_1 - x_2$ of two program/system variables $x_1, x_2$ (at some specified
control point of the program). Examples for template-based numerical
invariants include intervals (upper and lower bounds on the values of the numerical
program variables) [5], zones (intervals and additionally upper and lower bounds
on the differences of program variables) (TUl [HI HH] j octagons (zones and
additionally upper and lower bounds on the sum of program variables) [12], and,
more generally, linear templates (also called template polyhedra, upper bounds
on arbitrary linear functions in the program variables, where the functions are
given a priori) [15]. In this article, we focus on quadratic templates as
considered by Adje, Gaubert, and Goubault [1]. That is, a priori, a set of linear and
quadratic functions in the program variables (the templates) is given and we are
interested in computing small upper bounds on the values of these functions.
An example for a quadratic template is represented by the quadratic polynomial
2xi + + 2xiX2, where $x_1$ and $x_2$ are program variables.

When using such a template-based numerical abstract domain, the problem
of finding the minimal inductive invariant that can be expressed in the abstract
domain specified by the templates can be recast as a purely mathematical
optimization problem, where the goal is to minimize a vector $(x_1, \ldots, x_n)$ subject
to a set of inequalities of the form

> /(xi, . . . ,x„). (1) 

Here, $f$ is a monotone operator. The variables $x_1, \ldots, x_n$ take values in
$\mathbb{R} \cup \{\pm\infty\}$. The variables are representing upper bounds on the values of
the templates. Accordingly, the vector $(x_1, \ldots, x_n)$ is to be minimized w.r.t. the usual
component-wise ordering. Because of the monotonicity of the operators $f$
occurring in the right-hand sides of the inequalities and the completeness of the
linearly ordered set $\mathbb{R} \cup \{\pm\infty\}$, the fixpoint theorem of Knaster/Tarski ensures
the existence of a uniquely determined least solution.

Computing the least solution of such a constraint system is a difficult task.
Even if we restrict our consideration to the special case of intervals as an abstract
domain, which is, if the program variables are denoted by $x_1, \ldots, x_n$, specified
by the templates $-x_1, x_1, \ldots, -x_n, x_n$, the static analysis problem is at least as
hard as solving mean payoff games. The latter problem is a long outstanding
problem which is in NP and in coNP, but not known to be in P.

A generic way of solving systems of constraints of the form (1) with
right-hand sides that are monotone and variables that range over a complete lattice
is given through the abstract interpretation framework of Cousot and Cousot
[1]. Solving constraint systems in this framework is based on Kleene fixpoint
iteration. However, in our case the lattice has infinite ascending chains. In this
case, termination of the fixpoint iteration is ensured through an appropriate
widening (see Cousot and Cousot [4]). Widening, however, buys termination
for precision. Although the lost precision can be partially recovered through
a subsequently performed narrowing iteration, there is no guarantee that the
computed result is minimal.

1.2 Main Contribution 

In this article, we study the case where the operators $f$ in the right-hand side of
the systems of equations of the form (1) are not only monotone, but additionally
order-concave or even concave (concavity implies order-concavity, but not
vice-versa). In the static program analysis application we consider in this article, the
end up in this comfortable situation by considering a semi-definite relaxation
of the abstract semantics. The concavity of the mappings $f$, however, does not
imply that the problem can be formulated as a convex optimization problem. The
feasible space of the resulting mathematical optimization problem is normally
neither order-convex nor order-concave and thus neither convex nor concave.
In consequence, convex optimization methods cannot be directly applied. For
the linear case (obtained when using linear templates), we would solve a long
outstanding problem, namely the problem of solving mean payoff games in
polynomial time, if we were able to formalize the problem through a
linear programming problem that can be constructed in polynomial time.

In this article, we exploit the fact that the operators $f$ that occur in the
right-hand sides of the system of inequalities of the form (1) we have to solve are
not only order-concave, but also monotone. In other words: we do not require
convexity of the feasible space, but we do require monotonicity in addition to
the order-concavity. The main contribution of this article is an algorithm for
computing least solutions of such systems of inequalities. The algorithm is based
on strategy iteration. That is, we consider the process of solving the system of
inequalities as a game between a maximizer and a minimizer. The maximizer aims
at maximizing the solution, whereas the minimizer aims at minimizing it. The
algorithm iteratively constructs a winning strategy for the maximizer, a
so-called max-strategy. It uses convex optimization techniques as sub-routines to
evaluate parts of the constructed max-strategy. The concrete convex
optimization technique that is used for the evaluation depends on the right-hand sides.
In some cases linear programming is sufficient (see Gawlitza and Seidl [5]).
In other cases more sophisticated convex optimization techniques are required.
The application we study in this article will require semi-definite programming.

An important example for monotone and order-concave operators are the
operators that are monotone and affine. The class of monotone and order-concave
operators is closed under the point-wise infimum operator. The point-wise
infimum of a set of monotone and affine functions, for instance, is monotone
and order-concave. Another example is the $\sqrt{\cdot}$-operator, which is defined by
$\sqrt{x} = \sup\,\{y \in \mathbb{R} \mid y^2 \le x\}$ for all $x \in \overline{\mathbb{R}}$.

An example for a system of inequalities of the class we are considering in this 
article is the following system of inequalities: 

Xi > ^ Xi > X2 > Xi X2 > 1 + \/x2 - 1 (2) 

The uniquely determined least solution of the system (2) of inequalities is
$x_1 = x_2 = 1$. We remind the reader again that the important property here is that
the right-hand sides of (2) are monotone and order-concave.

The least solution of the system (2) is also the uniquely determined optimal
solution of the following convex optimization problem:

$$\max\ x_1 + x_2 \quad \text{subject to} \quad x_1 \le \sqrt{x_2}, \quad x_2 \le x_1 \qquad (3)$$

Observe that the above convex optimization problem is in some sense a
"subsystem" of the system (2). Such a "subsystem", which we will call a max-strategy
later on, is obtained from the system (2) by selecting exactly one inequality of
the form > from (2) for each variable and replacing the relation $\ge$ by
the relation $\le$. Note that there are exponentially many max-strategies. The
algorithm we present in this article starts with a max-strategy and assigns a value
to it. It then iteratively improves the current max-strategy and assigns a new
value to it until the least solution is found. We utilize the monotonicity and the
order-concavity of the right-hand sides to prove that our algorithm always
terminates with the least solution after at most exponentially many improvement
steps. Each improvement step can be executed by solving linearly many convex
optimization problems, each of which can be constructed in linear time.
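
The improvement loop described above can be sketched as follows. This is an added example, not code from the article: the system has the shape of (2) with an assumed constant 0.5 as the first lower bound on x1, all function names are hypothetical, and each strategy is evaluated by a plain upward iteration to a tolerance, as a numerical stand-in for the convex optimization sub-routine the article uses.

```python
import math

NEG_INF = float("-inf")


def sqrt_op(v):
    """Square root as a monotone, concave partial operator; an undefined
    argument (v < 0 or -inf) yields -inf so that it never wins a maximum."""
    return math.sqrt(v) if v >= 0 else NEG_INF


# Constructed system in the shape of (2): variable -> right-hand sides e of
# the inequalities "variable >= e(x)". The constant 0.5 is an assumed value.
SYSTEM = {
    "x1": [lambda x: 0.5, lambda x: sqrt_op(x["x2"])],
    "x2": [lambda x: x["x1"], lambda x: 1 + sqrt_op(x["x2"] - 1)],
}


def rhs(system, sigma, var, x):
    """Value of the right-hand side that the strategy sigma selects for var
    (None stands for the trivial inequality var >= -inf)."""
    return NEG_INF if sigma[var] is None else system[var][sigma[var]](x)


def evaluate(system, sigma, rho, tol, max_sweeps=10_000):
    """Approximate the least fixpoint above rho of the subsystem selected by
    sigma. rho is a pre-fixpoint of that subsystem, so the round-robin
    iteration is ascending; it stops once a full sweep changes nothing by
    more than tol. A value that diverges to +inf is reported as an error."""
    x = dict(rho)
    for _ in range(max_sweeps):
        change = 0.0
        for var in system:
            new = max(x[var], rhs(system, sigma, var, x))
            if new != x[var]:
                change = max(change, abs(new - x[var]))
                x[var] = new
        if change <= tol:
            return x
    raise RuntimeError("strategy value did not converge (possibly +inf)")


def improve(system, sigma, rho, tol):
    """Switch every variable to a right-hand side whose value at rho is
    strictly larger than the current value rho[var]; keep the rest."""
    new_sigma = dict(sigma)
    for var, exprs in system.items():
        values = [e(rho) for e in exprs]
        best = max(range(len(exprs)), key=values.__getitem__)
        if values[best] > rho[var] + tol:
            new_sigma[var] = best
    return new_sigma


def max_strategy_iteration(system, tol=1e-12):
    """Alternate improvement and evaluation, starting from the strategy that
    selects -inf everywhere, until no right-hand side can improve the value.
    Returns the value, the final strategy and the list of strategies tried."""
    sigma = {var: None for var in system}
    rho = {var: NEG_INF for var in system}
    history = []
    while True:
        new_sigma = improve(system, sigma, rho, tol)
        if new_sigma == sigma:
            return rho, sigma, history
        sigma = new_sigma
        history.append(dict(sigma))
        rho = evaluate(system, sigma, rho, tol)


if __name__ == "__main__":
    value, strategy, tried = max_strategy_iteration(SYSTEM)
    for step, s in enumerate(tried, 1):
        print("strategy", step, s)
    print("value", value)
```

On this constructed system the loop passes through three strategies and stops at approximately x1 = x2 = 1; the last strategy is the subsystem that corresponds to problem (3).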

As a second contribution of this article, we show how any algorithm for
solving such systems of inequalities, e.g., our max-strategy improvement algorithm,
can be applied to infer numerical invariants based on quadratic templates. The
method is based on the relaxed abstract semantics introduced by Adje, Gaubert,
and Goubault [1].

1.3 Related Work 

The most closely related work is the work of Adje, Gaubert, and Goubault
[1]. They apply the min-strategy improvement approach of Costan, Gaubert,
Goubault, Martel, and Putot [2] to the problem of inferring quadratic invariants
of programs. In order to do so, they introduced the relaxed abstract semantics we
are going to use in this article.^ Their method, however, has several drawbacks
compared to the method we present in this article. The first drawback is that
it does not necessarily terminate after finitely many steps. In addition, even if
it terminates, the computed solution is not guaranteed to be minimal. On the
other hand, their approach also has substantial advantages that are especially
important in practice. Firstly, it can be stopped at any time with a safe
over-approximation to the least solution. Secondly, the computational steps that have
to be performed are quite cheap compared to the ones we have to perform for
the method we propose in this article. This is caused by the fact that the
semi-definite programming problems (or in more general cases: convex programming
problems) that have to be solved in each iteration are reasonably small. We refer
to Gawlitza, Seidl, Adje, Gaubert, and Goubault IS] for a detailed comparison
between the max- and the min-strategy approach.

1.4 Previous Publications 

Parts of this work were previously published in the proceedings of the
Seventeenth International Static Analysis Symposium (SAS 2010). In contrast to the
latter version, this article contains the full proofs and the precise treatment of
infinities. In order to simplify some argumentations and to deal with infinities, we
modified some definitions quite substantially. In addition to these improvements,
we provide a much more detailed study of different classes of order-concave
functions and the consequences for our max-strategy improvement algorithm. We do
not report on experimental results in this article. Such reports can be found in
the article in the proceedings of the Seventeenth International Static Analysis
Symposium (SAS 2010).

^ Adje, Gaubert, and Goubault [1] in fact use the dual version of the relaxed abstract
semantics we use in this article. However, this minor difference does not have any
practical consequences.

1.5 Structure 

This article is structured as follows: Section 2 is dedicated to preliminaries.
We study the class of monotone and order-concave operators in Section 3. The
results we obtain in Section 3 are important to prove the correctness of our
max-strategy improvement algorithm. The method and its correctness proof is
presented in Section 4. In Section 5 we discuss the important special cases where
the right-hand sides of the system of inequalities are parametrized convex
optimization problems. This can be used to evaluate strategies more efficiently.
These special cases are important, since they are present especially in the
program analysis applications we mainly have in mind. In Section 6 we finally
explain how our methods can be applied to a numerical static program analysis
based on quadratic templates. We conclude with Section 7.

2 Preliminaries 

Vectors and Matrices We denote the $i$-th row (resp. $j$-th column) of a matrix
$A$ by $A_{i\cdot}$ (resp. $A_{\cdot j}$). Accordingly, $A_{i \cdot j}$ denotes the component in the $i$-th row
and the $j$-th column. We also use these notations for vectors and vector valued
functions $f : X \to Y^k$, i.e., $f_{i\cdot}(x) = (f(x))_{i\cdot}$ for all $i \in \{1, \ldots, k\}$ and all $x \in X$.

Sets, Functions, and Partial Functions We write $A \mathbin{\dot\cup} B$ for the disjoint union
of the two sets $A$ and $B$, i.e., $A \mathbin{\dot\cup} B$ stands for $A \cup B$, where we assume that
$A \cap B = \emptyset$. For sets $X$ and $Y$, $X \to Y$ denotes the set of all functions from $X$
to $Y$, and $X \rightsquigarrow Y$ denotes the set of all partial functions from $X$ to $Y$. Note
that $X \to Y \subseteq X \rightsquigarrow Y \subseteq X \times Y$. Accordingly, we apply the set operators $\cup$,
$\cap$, and $\setminus$ also to partial functions. For $X' \subseteq X$, the restriction $f|_{X'} : X' \to Y$
of a function $f : X \to Y$ to $X'$ is defined by $f|_{X'} := f \cap X' \times Y$. The domain
and the codomain of a partial function $f$ are denoted by $\mathrm{dom}(f)$ and $\mathrm{codom}(f)$,
respectively. For $f : X \rightsquigarrow Y$ and $g : X \rightsquigarrow Y$, we define $f \oplus g : X \rightsquigarrow Y$ by
$f \oplus g := f|_{X \setminus \mathrm{dom}(g)} \cup g$.

Partially Ordered Sets Let $\mathbb{D}$ be a partially ordered set (partially ordered by
the binary relation $\le$). Two elements $x, y \in \mathbb{D}$ are called comparable if and
only if $x \le y$ or $y \le x$. For all $x \in \mathbb{D}$, we set $\mathbb{D}_{\ge x} := \{y \in \mathbb{D} \mid y \ge x\}$ and
$\mathbb{D}_{\le x} := \{y \in \mathbb{D} \mid y \le x\}$. We denote the least upper bound and the greatest
lower bound of a set $X \subseteq \mathbb{D}$ by $\bigvee X$ and $\bigwedge X$, respectively, provided that it
exists. The least element $\bigvee \emptyset = \bigwedge \mathbb{D}$ (resp. the greatest element $\bigwedge \emptyset = \bigvee \mathbb{D}$) is
denoted by $\bot$ (resp. $\top$), provided that it exists. A subset $C \subseteq \mathbb{D}$ is called a chain
if and only if $C$ is linearly ordered by $\le$, i.e., it holds $x \le y$ or $y \le x$ for all
$x, y \in C$. For every subset $X \subseteq \mathbb{D}$ of a set $\mathbb{D}$ that is partially ordered by $\le$, we
set $X{\uparrow^{\mathbb{D}}} := \{y \in \mathbb{D} \mid \exists x \in X .\, x \le y\}$. The set $X \subseteq \mathbb{D}$ is called upward closed
w.r.t. $\mathbb{D}$ if and only if $X{\uparrow^{\mathbb{D}}} = X$. We omit the reference to $\mathbb{D}$, if $\mathbb{D}$ is clear from
the context.

Monotonicity Let $\mathbb{D}_1, \mathbb{D}_2$ be partially ordered sets (partially ordered by $\le$). A
mapping $f : \mathbb{D}_1 \to \mathbb{D}_2$ is called monotone if and only if $f(x) \le f(y)$ for all
$x, y \in \mathbb{D}_1$ with $x \le y$. A monotone function $f$ is called upward-chain-continuous (resp.
downward-chain-continuous) if and only if $f(\bigvee C) = \bigvee f(C)$ (resp.
$f(\bigwedge C) = \bigwedge f(C)$) for every non-empty chain $C$ with $\bigvee C \in \mathrm{dom}(f)$ (resp. $\bigwedge C \in \mathrm{dom}(f)$).
It is called chain-continuous if and only if it is upward-chain-continuous and
downward-chain-continuous.

Complete Lattices A partially ordered set $\mathbb{D}$ is called a complete lattice if and
only if $\bigvee X$ and $\bigwedge X$ exist for all $X \subseteq \mathbb{D}$. If $\mathbb{D}$ is a complete lattice and $x \in \mathbb{D}$,
then the sublattices $\mathbb{D}_{\ge x}$ and $\mathbb{D}_{\le x}$ are also complete lattices. On a complete
lattice $\mathbb{D}$, we define the binary operators $\vee$ and $\wedge$ by

$$x \vee y := \bigvee \{x, y\} \quad \text{and} \quad x \wedge y := \bigwedge \{x, y\} \quad \text{for all } x, y \in \mathbb{D}, \qquad (4)$$

respectively. If the complete lattice $\mathbb{D}$ is a complete linearly ordered set (for
instance $\overline{\mathbb{R}} = \mathbb{R} \cup \{\pm\infty\}$), then $\vee$ is the binary maximum operator and $\wedge$ the
binary minimum operator. For all binary operators $\Box \in \{\vee, \wedge\}$, we also
consider $x_1 \mathbin{\Box} \cdots \mathbin{\Box} x_k$ as the application of a $k$-ary operator. This will cause no
problems, since the binary operators $\vee$ and $\wedge$ are associative and commutative.

Fixpoints Assume that the set $\mathbb{D}$ is partially ordered by $\le$ and $f : \mathbb{D} \to \mathbb{D}$ is
a unary operator on $\mathbb{D}$. An element $x \in \mathbb{D}$ is called fixpoint (resp. pre-fixpoint,
resp. post-fixpoint) of $f$ if and only if $x = f(x)$ (resp. $x \le f(x)$, resp. $x \ge f(x)$).
The set of all fixpoints (resp. pre-fixpoints, resp. post-fixpoints) of $f$ is denoted
by $\mathrm{Fix}(f)$ (resp. $\mathrm{PreFix}(f)$, resp. $\mathrm{PostFix}(f)$). We denote the least (resp.
greatest) fixpoint of $f$, provided that it exists, by $\mu f$ (resp. $\nu f$). If the
partially ordered set $\mathbb{D}$ is a complete lattice and $f$ is monotone, then the fixpoint
theorem of Knaster/Tarski [16] ensures the existence of $\mu f$ and $\nu f$. Moreover,
we have $\mu f = \bigwedge \mathrm{PostFix}(f)$ and dually $\nu f = \bigvee \mathrm{PreFix}(f)$.

We write $\mu_{\ge x} f$ (resp. $\nu_{\le x} f$) for the least element in the set $\mathrm{Fix}(f) \cap \mathbb{D}_{\ge x}$
(resp. $\mathrm{Fix}(f) \cap \mathbb{D}_{\le x}$). The existence of $\mu_{\ge x} f$ (resp. $\nu_{\le x} f$) is ensured if $\mathbb{D}_{\ge x}$ is a
complete lattice and $f|_{\mathbb{D}_{\ge x}}$ (resp. $f|_{\mathbb{D}_{\le x}}$) is a monotone operator on $\mathbb{D}_{\ge x}$ (resp.
$\mathbb{D}_{\le x}$), i.e., if $\mathbb{D}_{\ge x}$ (resp. $\mathbb{D}_{\le x}$) is closed under the operator $f$. The latter condition
is, for instance, fulfilled if $\mathbb{D}$ is a complete lattice, $f$ is a monotone operator on
$\mathbb{D}$, and $x$ is a pre-fixpoint (resp. post-fixpoint) of $f$.

The Complete Lattice $\overline{\mathbb{R}}^n$ The set of real numbers is denoted by $\mathbb{R}$, and the
complete linearly ordered set $\mathbb{R} \cup \{\pm\infty\}$ is denoted by $\overline{\mathbb{R}}$. Therefore, the set $\overline{\mathbb{R}}^n$
is a complete lattice that is partially ordered by $\le$, where we write $x \le y$ if and
only if $x_{i\cdot} \le y_{i\cdot}$ for all $i \in \{1, \ldots, n\}$. As usual, we write $x < y$ if and only if
$x \le y$ and $x \ne y$. We write $x \lhd y$ if and only if $x_{i\cdot} < y_{i\cdot}$ for all $i \in \{1, \ldots, n\}$.
For $f : \overline{\mathbb{R}}^n \rightsquigarrow \overline{\mathbb{R}}^m$, we set $\mathrm{fdom}(f) := \{x \in \mathrm{dom}(f) \cap \mathbb{R}^n \mid f(x) \in \mathbb{R}^m\}$.

The Vector Space $\mathbb{R}^n$ The standard base vectors of the Euclidean vector space
$\mathbb{R}^n$ are denoted by $e_1, \ldots, e_n$. We denote the maximum norm on $\mathbb{R}^n$ by $\|\cdot\|$, i.e.,
$\|x\| = \max\,\{|x_{i\cdot}| \mid i \in \{1, \ldots, n\}\}$ for all $x \in \mathbb{R}^n$. A vector $x \in \mathbb{R}^n$ with $\|x\| = 1$
is called a unit vector.

3 Morcave Operators 

In this section, we introduce a notion of order-concavity for functions from the
set $\mathbb{R}^n \rightsquigarrow \mathbb{R}^m$. We then study the properties of functions that are monotone and
order-concave. The results obtained in this section are used in Section 4 to prove
the correctness of our max-strategy improvement algorithm.

3.1 Monotone Operators on $\mathbb{R}^n$

In this subsection, we collect important properties about monotone operators on
$\mathbb{R}^n$. We start with the following auxiliary lemma:

Lemma 1. Let d, d! G M" with d > and d' > 0. There exist j G {1, . . . , n} and 
A, Ai, . . . , A„ > such that Xj — and Xd = d' + X^iLi ^i^i- 

Proof. Since dl> 0, there exist a, j E {1, . . . ,n} and a A > such that Xd— d' > 
and (Ad — d')j. — 0. Thus, there exist Ai, . . . , A„ with Xj = such that Xd — d' = 



We now provide a sufficient criterium for a fixpoint $x$ of a monotone partial
operator $f$ on $\mathbb{R}^n$ for being the greatest pre-fixpoint of $f$.* Such sufficient criteria
are crucial to prove the correctness of our max-strategy improvement algorithm.

Lemma 2. Let f : M" M" be monotone with dom(/) upward closed, f{x) = x, 
and fc G N. Assume that, for every e > 0, there exists a unit vector > such 
that f^{x + Xdf) <l a; -|- Xd^ for all A > e. Then, y < x for all y with y < f{y), 
i.e., X is the greatest pre-fixpoint of f . 

Proof. We show y ^ x y ^ f{y)- For that, we first show the following 

statement: 



* Note that, since M" is not a complete lattice, the greatest pre-fixpoint of / is not 
necessarily the greatest fixpoint of /. The greatest fixpoint of the monotone operators 
/i, /2 defined by fi{x) — |a; and f2{x) = 2x for all x G R, for instance, is 0. This is 
also the greatest pre-fixpoint of /i, but not the greatest pre-fixpoint of /2, since /2 
has no greatest pre-fixpoint. 



□ 




(5) 
For that, let y > x. Let e := \\y — By Lenima[T] there exist A, Ai, . . . , A„ > 
with Xj = for some j e {1, . . . , n} such that y -.^ x + Xd^ = y + J27=i ^i^i 
holds. We necessarily have A > e. Using the monotonicity of / and the fact that 
f'^iij) <\ y holds by assumption, we get fj.[y) < fj.iV) < Vj- = Uj - Therefore, 
y ^ /(?/)■ Thus, we have shown ([5|. Now, let y ^ x. Thus, y' := x\J y > x. Using 
(|5| we get y' ^ f{y')- For the sake of contradiction assume that y < f{y) holds. 
Then we get f{y') = /{xVy) > f{x)Vf{y) > xV y = y' — contradiction. □ 

In the remainder of this article, we only use the following corollary of Lemma 2:

Lemma 3. Let f : M" M" be monotone with dom(/) upward closed, f{x) = x, 
and A: S N. Assume that there exists a unit vector dt> such that f^{x + Ad) < 
X + Xd for all X > 0. Then, y < x for all y with y < f{y), i.e., x is the greatest 
pre-fixpoint of f . □ 



3.2 Monotone and Order-Concave Operators on 

A set $X \subseteq \mathbb{R}^n$ is called order-convex if and only if $\lambda x + (1 - \lambda) y \in X$ for all
comparable $x, y \in X$ and all $\lambda \in [0, 1]$. It is called convex if and only if this
condition holds for all $x, y \in X$. Every convex set is order-convex, but not
vice-versa. If $n = 1$, then every order-convex set is convex. Every upward closed set
is order-convex, but not necessarily convex.

A partial function $f : \mathbb{R}^n \rightsquigarrow \mathbb{R}^m$ is called order-convex (resp. order-concave)
if and only if $\mathrm{dom}(f)$ is order-convex and

$$f(\lambda x + (1 - \lambda) y) \le \text{(resp. } \ge \text{)}\ \lambda f(x) + (1 - \lambda) f(y) \qquad (6)$$

for all comparable $x, y \in \mathrm{dom}(f)$ and all $\lambda \in [0, 1]$ (cf. Ortega and Rheinboldt
[14]). A partial function $f : \mathbb{R}^n \rightsquigarrow \mathbb{R}^m$ is called convex (resp. concave) if and
only if $\mathrm{dom}(f)$ is convex and

$$f(\lambda x + (1 - \lambda) y) \le \text{(resp. } \ge \text{)}\ \lambda f(x) + (1 - \lambda) f(y) \qquad (7)$$

for all $x, y \in \mathrm{dom}(f)$ and all $\lambda \in [0, 1]$ (cf. Ortega and Rheinboldt [14]). Every
convex (resp. concave) partial function is order-convex (resp. order-concave),
but not vice-versa. Note that $f$ is (order-)concave if and only if $-f$ is
(order-)convex. Note also that $f$ is (order-)convex (resp. (order-)concave) if and only
if $f_{i\cdot}$ is (order-)convex (resp. (order-)concave) for all $i = 1, \ldots, m$. If $n = 1$,
then every order-convex (resp. order-concave) partial function is convex (resp.
concave). Every order-convex/order-concave partial function is chain-continuous.
Every convex/concave partial function is continuous.

The set of (order-)convex (resp. (order-)concave) partial functions is not 
closed under composition. The functions f,g defined by f{x) = [x — 2)^ and 
g{x) = i for all x G K>o, for instance, are both convex and thus also order- 
convex. However, fog with (/ o g){x) = {\ — 2)^ for all x G K>o is neither 
convex nor order-convex. 

In contrast to the set of all order-concave partial functions, the set of all par- 
tial functions that are monotone and order-concave is closed under composition: 






Lemma 4. Let f : M™ M" and g -.M. M™ be monotone and order-convex 
(resp. order-concave). Assume that codom{g) C dom(/). Then fog is monotone 
and order-convex (resp. order-concave). 

Proof. We assume that $f$ and $g$ are order-convex. The other case can be proven
dually. Let $x, x' \in \mathrm{dom}(g)$ with $x \le x'$, $y = g(x)$, $y' = g(x')$. Since $g$ is monotone,
we get $y \le y'$. Since $f$ is monotone, we get $(f \circ g)(x) = f(g(x)) = f(y) \le f(y') =
f(g(x')) = (f \circ g)(x')$. Hence, $f \circ g$ is monotone.

Let $\lambda \in [0, 1]$. Then $(f \circ g)(\lambda x + (1 - \lambda) x') = f(g(\lambda x + (1 - \lambda) x')) \le f(\lambda g(x) +
(1 - \lambda) g(x')) = f(\lambda y + (1 - \lambda) y') \le \lambda f(y) + (1 - \lambda) f(y') = \lambda f(g(x)) + (1 -
\lambda) f(g(x')) = \lambda (f \circ g)(x) + (1 - \lambda)(f \circ g)(x')$, because $f$ is monotone, and $f$ and
$g$ are order-convex. Hence, $f \circ g$ is order-convex. □



3.3 Fixpoints of Monotone and Order-concave Operators on 

We now study the fixpoints of monotone and order-concave partial operators on
$\mathbb{R}^n$. We are in particular interested in developing a simple sufficient criterium
for a fixpoint of a monotone and order-concave partial operator on $\mathbb{R}^n$ for being
the greatest pre-fixpoint of this partial operator. To prepare this, we first show
the following lemma:

Lemma 5. Let f : M" M" be order-convex (resp. order- concave). Let x,x* G 
dom(/) with x* = f{x*), x \> (resp. <\) f{x), d := x* - x \> Q. Then, x* ^ Xd < 
(resp. \>) f{x* + Ad) for all X > with x* + Xd e dom(/). 

Proof. We only consider the case that / is order-convex. The proof for the case 
that / is order-concave can be carried out dually. Let A > 0. Assume for the 
sake of contradiction that there exists some i G {!,..., n} such that {x* -\- 
Xd)i. > fi.{x* -f Ad). Since fi. is order-convex and Xi. > fi.{x) holds, it follows 
X*. > fi-{x*) — contradiction. □ 

We now use the results obtained so far to prove the following sufficient criterium 
for a fixpoint of a monotone and order-concave partial operator for being the 
greatest pre-fixpoint. 

Lemma 6. Let f : M" K" he monotone and order-concave with dom(/) 
upward closed. Let x* be a fixpoint of f, x be a pre-fixpoint of f withx<]x* , and 
li'>xf = X* . Then, x* is the greatest pre-fixpoint of f. 

Proof. Since / is chain-continuous and x <i x* is a pre-fixpoint of /, there exists 
some fc e N such that x <l f'^{x). Let x' be a pre-fixpoint of /. Let d :— x* — x. 
Note that d > 0. Since /''Im^^ = (/kj^)'^ is monotone and order-concave by 
Lemma jij and x* is a fixpoint of /'^ and thus of /'^kj^, we get f''{x* -\- Ad) = 
f'^Wl^ix* -\- Ad) <1 x* -I- Ad for all A e M>o by Lemma [sj Thus, Lemma js] gives 
us x' < X*. □ 
Example 1. Let us consider the monotone and concave partial operator : 
M M. The points and 1 arc fixpoints of since = VO, and 1 = VT- 
Since ^ is a pre-fixpoint of y^, | < 1, and — 1, Lemma j6j implies that 

1 is the greatest pre-fixpoint of Observe that for the fixpoint 0, there is no 
pre-fixpoint a; G M of with a; < 0. Therefore, Lemma [g] cannot be applied. □ 

The following example shows that the criterium of Lemma 6 is sufficient, but
not necessary:

Example ^. Let / : M ^ R be defined by fix) = A a; for all a; € R. Recall 
that A denotes the minimum operator. Then, is the greatest pre-fixpoint of /. 
However, there does not exist a a: G R with a; < such that iJ,>xf = 0, since 
l^>xf = X for all X < 0. Therefore, Lemma [6] cannot be applied to show that 
is the greatest pre-fixpoint of /. □ 

The set $\mathbb{R}^n$ can be identified with the set $\{1, \ldots, n\} \to \mathbb{R}$ which can be identified
with the set $X \to \mathbb{R}$, whenever $|X| = n$. In the remainder of this article, we
therefore identify the set $(X \to \mathbb{R}) \rightsquigarrow (X \to \mathbb{R})$ with the set $\mathbb{R}^n \rightsquigarrow \mathbb{R}^n$,
provided that $|X| = n$. Usually, we use $X = \{x_1, \ldots, x_n\}$. We use one or the
other representation depending on which representation is more convenient in
the given context.

Our next goal is to weaken the preconditions of Lemma 6, i.e., we aim at
providing a weaker sufficient criterium for a fixpoint of a monotone and
order-concave partial operator for being the greatest pre-fixpoint than the one provided
by Lemma 6. The weaker sufficient criterium we are going to develop can, for
instance, be applied to the following example:

Example 3. Let us consider the monotone and order-concave partial operator 
/ : R2 R2 defined by f{xi,X2) := (2:2 + 1 A 0, y/x^) for aU xi,X2 G R. Then, 
X* = {xl,X2) = (0,0) is the greatest pre-fixpoint of /. In order to prove this, 
assume that y = {yi,y2) > a;* is a pre-fixpoint of /, i.e., yi < 2/2 + 1, J/i < 0, 
and 2/2 < yyi- follows immediately that yi < and thus y2 < ^/yl < a/O = 0. 

Lemma |6] is not applicable to prove that x* is the greatest pre-fixpoint of /, 
because there is no pre-fixpoint x oi f with a; <l a;*. The situation is even worse: 
there is no a; G dom(/) with a; <l a;*. 

We observe that, locally at x* = (0,0), the first component /i. of / does not 
depend on the second argument in the following sense: For every y = (2/1,2/2) S 
R^ with 2/1 = a;| = and 2/2 > 2^2 = 0; we have fi.{y) = = fi-{x*). The 
weaker sufficient criterium we develop in the following takes this into account. 
That is, we will assume that the set of variables can be partitioned according 
to their dependencies. The sufficient criterium of Lemma [6] should then hold 
for each partition. In this example this means: there exists some xi < x^ with 
xi < fi.{xi,X2) — /i.(a:i,0) and fj.>xi fi- {■ , 0) = a;^; = 0, and there exists some 
X2 < X2 with a;2 < /2.(a;i,a;2) = /2 (0,a;2) and ^>x2f2 {0, ■) = ^2 = 0. We could 
choose Xi = X2 = — 1, for instance. □ 

In order to derive a sufficient criterium that is weaker than the sufficient
criterium of Lemma 6, we should, as suggested in Example 3, partition the variables
according to their dependencies. In order to define a suitable notion of
dependencies, let $X$ be a set of variables, $f : (X \to \mathbb{R}) \rightsquigarrow (X \to \mathbb{R})$ be a monotone

partial operator, and p : X M. For Xi U X2 = X, we write Xi ^ X2 if and 
only if 

1. Xi = 0, 

2. X2 = 0, or 

3. there exists an p' : X2 M with p® p' <^ dom(/) and p' <l pjxa such that 
/(P®p')|xi =/(p)|xi. 

Informally spoken, Xi ^ X2 states that — locally at p — the values of the 
variables from the set Xi do not depend on the values of the variables from the 
set X2. Dependencies are only admitted in the opposite direction — from Xi to 
X2. 

Example 4- Let us again consider the monotone and order-concave partial oper- 
ator / : -w fi-om Example [s] defined by f{xi,X2) := {x2 -|- 1 A 0, ^/xi) 
all Xi,X2 G K- Note that / is not a total operator, since ^/xl and thus f{xi, X2) 
is undefined for all xi < 0. Moreover, let x (0, 0). Recall that we identify the 
set with the set {xi,X2} — ?> M. Especially, we identify x with the function 

{xi H> 0, X2 H> 0}. Then, we have {xi} {^2}- That is, locally at x, the first 
component /i. of / does not depend on the second argument. In other words: 
locally at x, one can strictly decrease the value of the second argument without 
changing the value of the first component /i. of /. However, the second compo- 
nent /2. of / may, locally at x, depend on the first argument. In this example, 
this is actually the case: Locally at x, we cannot decrease the value of the first 
argument without changing the value of the second component /2- of /. □ 

If the partial operator / is monotone and order-concave, then the statement 

Xi ^ X2 also implies that, locally at p, the values of the Xi-components of / 
do not increase if the values of the variables from X2 increase: 

Lemma 7. Assume that f : (X — > M) (X — > M) is monotone and order- 
concave. //Xi X2, then {f{p ® p'))\xi — (/(p))|xi for all p' : X2 — >■ M with 
p' > p\y^^ and p ® p' <^ dom(f) . □ 

For Xi U • • • U Xfe = X, we write Xi • • • Xfc if and only if fc = 1 or 

Xi U • • • U Xj ^ Xj+i U • • • U Xfc for ah j e {1, . . . , fc - 1}. 

Let X and D be sets, / : (X ^ D) (X ^ D), and X1UX2 = X. For 
P2 : X2 ^- D, we define / ^ p2 : (Xi D) (Xi -> D) by 

(/^P2)(pi) := (/(piUp2))|xi for aU pi : Xi ^ D. (8) 

Informally spoken, / ^ P2 is the function that is obtained from / by fixing the 
values of the variables from the set X2 according to variable assignment p2 and 
afterwards removing all variables from the set X2. 
Example 5. Let us again consider the monotone and order-concave partial op- 
erator / : from Examples [s] and |4] that is defined by f{xi,X2) ■= 
{x2 -I- 1 A 0, v^i) for all Xi,X2 G K- Let again x :— (0, 0) be identified with x = 
{xi ^ 0, X2 ^ 0}. Then (/ ^ = {xi ^ 0} for all pi : {xj ^ K, 
and (/ ^ a;|{xi})(/02) = {x2 ^ 0} for ah p2 : {xa} ^ M. □ 

The weaker sufficient criterium for a fixpoint of a monotone and order-concave
partial operator for being the greatest pre-fixpoint of this partial operator can
now be formalized as follows:

Definition 1 (Feasibility). Let / : (X — > M) (X ^ M) be monotone and 
order-concave. A fixpoint p* of f is called feasible if and only if there exist 

Xi U • • • U Xfe = X with Xi ■^-4- • • • ■'H X/c such that, for each j G {1, . . . ,k}, 
there exists some pre-fixpoint p : Xj ^ M of f ^ P*|x\Xj with p < p*\yi^ such 
ttaM>p(/^p*|x\x,) = p1x,. □ 

Example 6. Let us again consider the monotone and order-concave partial oper- 
ator / : M-^ from the Examples [sj [ij and [s] that is defined by f{xi,X2) ■= 
{x2 + 1 A 0, V^i) for ^-ll xi,X2 & K- We show that x := (0,0) is a feasible 
fixpoint of /. From Example [Sj we know that Lemma |6] is not applicable to 
prove that x is the greatest pre-fixpoint. Recall that we can identify the set 
with the set {xi,X2} — M, and hence x with {xi i-^ 0, X2 0}. We have 

{xi} {X2}. Moreover, {xi i-> — l}<ix|{xi} ^ pre-fixpoint of / 4— a;|{x2} with 
A'>{xii^-i}(/ ^ a;|{x2}) = a;|{xi}, and {x2 -1} < a;|{x2} is a pre-fixpoint of 
/ ^ ^l{xi} with /i>{x,H^-i}(/ 2:|{xi}) = '^I{x2}- Thus, a; is a feasible fixpoint 
of/. " " □ 

We now show that feasibility is indeed sufficient for a fixpoint to be the greatest
pre-fixpoint. Since any fixpoint that fulfills the criterion given by Lemma 6 is
feasible, but, as Examples 3 and 6 show, not vice versa, the following lemma
is a strict generalization of Lemma 6.

Lemma 8. Let f : (X — > M) (X — M) be monotone and order-concave with 
dom(/) upward closed, and p* be a feasible fixpoint of f. Then, p* is the greatest 
pre-fixpoint of f . 

Proof. Since p* is a feasible fixpoint of /, there exists Xi U • • • U X^ = X with 

Xi ■^-4- • • • "^-^ Xfc such that, for each j e {1, . . . , k}, there exists some pre- 
fixpoint pj of / ^ p* |x\Xj with pj <l p* |x, and fi>p^ (/ ^ p* |x\Xj ) = P* \x, ■ Let 
p' be a pre-fixpoint of / with p' > p* (it is sufficient to consider this case, since 
the statement that p" is a pre-fixpoint of / implies that p' p* Vp" > p* is also a 
pre-fixpoint of /). We show by induction on j that p'lxi u- - u x^ — P* Ixi u •• u Xj 
for ah j € {1, . . . , k}. 

Firstly, assume that j = 1. Since Xi X2U---UXfc, Lemma [t] gives us 
pIx, = (/(P*))|x, = (/ ^ p1x\xJ(p1xJ = (/ ^ p'Ix\xJ(p1xJ. Using the 
monotonicity we thus get p>p^{f p'|x\Xi) = P*|xi- Hence, Lemmap^gives us 
that p*|xi is the greatest pre-fixpoint of / ^ p'|x\Xi- Thus, p'|xi = P^|xi- 
Now, assume that j £ {2, . . . , fc} and p'lxi u- ux,_i = P* Ixi u- u x,_i • K 

remains to show that p'\x.j = P*\x.j- Since Xi U • • • U Xj ^j+i U • • • U X^ and 
P'lxiu-ux,_i = P*lxiu---ux,_i, Lemma[7|gives us that p*|x, = {f{p*))\xj = 
if ^ p1x\Xj)(/0*|xj) = (/ ^ P'\x\x,){p'^\x,)- By monotonicity, we thus get 
P>Pjif ^ p'lx\Xj) ~ P*\xj- Hence, Lemma|6]gives us that p*\xj is the greatest 
pre-fixpoint of (/ ^ p'|x\x, )- Hence p'|x, = P*|x,- Thus, we get p'|xiu - ux, = 
P*lxiu---uXj- n 



3.4 Morcave Operators on $\overline{\mathbb{R}}^n$

We now study total operators on $\overline{\mathbb{R}}^n$ that are monotone and order-concave. For
that, we firstly extend the notion of order-concavity that is defined for partial
operators on $\mathbb{R}^n$ to total operators on $\overline{\mathbb{R}}^n$. Before doing so, we start with the
following observation:

Lemma 9. Let $f : \overline{\mathbb{R}}^n \to \overline{\mathbb{R}}$ be monotone. Then, $\mathrm{fdom}(f)$ is order-convex.

Proof. Let $x, y \in \mathrm{fdom}(f)$ with $x \leq y$ and $\lambda \in [0, 1]$. Because of the monotonicity
of $f$, we get $-\infty < f(x) \leq f(\lambda x + (1 - \lambda) y) \leq f(y) < \infty$. Hence, $\lambda x + (1 - \lambda) y \in \mathrm{fdom}(f)$.
This proves the statement. □

We extend the notion of (order-)convexity/(order-)concavity from -w R to 
$\overline{\mathbb{R}}^n \to \overline{\mathbb{R}}$ as follows: let $f : \overline{\mathbb{R}}^n \to \overline{\mathbb{R}}$, and $I : \{1, \ldots, n\} \to \{-\infty, \mathrm{id}, \infty\}$ be a
mapping. Here, $-\infty$ denotes the function that assigns $-\infty$ to every argument,
$\mathrm{id}$ denotes the identity function, and $\infty$ denotes the function that assigns $\infty$ to
every argument. We define the mapping $f^{(I)} : \mathbb{R}^n \to \overline{\mathbb{R}}$ by

$f^{(I)}(x) := f(I(1)(x_{1\cdot}), \ldots, I(n)(x_{n\cdot}))$ for all $x \in \mathbb{R}^n$. (9)

A function $f : \overline{\mathbb{R}}^n \to \overline{\mathbb{R}}$ is called (order-)concave if and only if the following
conditions are fulfilled for all mappings $I : \{1, \ldots, n\} \to \{-\infty, \mathrm{id}, \infty\}$:

1. $\mathrm{fdom}(f^{(I)})$ is (order-)convex.

2. $f^{(I)}|_{\mathrm{fdom}(f^{(I)})}$ is (order-)concave.

3. If $\mathrm{fdom}(f^{(I)}) \neq \emptyset$, then $f^{(I)}(x) < \infty$ for all $x \in \mathbb{R}^n$.

Note that, by Lemma 9, condition 1 is fulfilled for every monotone function
$f : \overline{\mathbb{R}}^n \to \overline{\mathbb{R}}$ and every mapping $I : \{1, \ldots, n\} \to \{-\infty, \mathrm{id}, \infty\}$. A monotone
operator is order-concave if and only if the following conditions are fulfilled for
all mappings $I : \{1, \ldots, n\} \to \{-\infty, \mathrm{id}, \infty\}$:

1. $\mathrm{fdom}(f^{(I)})$ is upward closed w.r.t. $\mathbb{R}^n$.
2. $f^{(I)}|_{\mathrm{fdom}(f^{(I)})}$ is order-concave.

In order to get more familiar with the above definition, we consider a few
examples of order-concave operators on $\overline{\mathbb{R}}^n$:




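Example 7. We consider the operators $f : \overline{\mathbb{R}}^2 \to \overline{\mathbb{R}}$ and $g : \overline{\mathbb{R}}^2 \to \overline{\mathbb{R}}$ that are
defined by



Then, $f|_{\mathbb{R}^2} = g|_{\mathbb{R}^2} = \{(x_1, x_2) \mapsto \sqrt{x_1} \mid x_1, x_2 \in \mathbb{R}\}$ is a monotone and concave
operator on the convex set $\mathrm{fdom}(f) = \mathrm{fdom}(g) = \mathbb{R}_{\geq 0} \times \mathbb{R}$. Nevertheless, $f$ is
monotone and order-concave whereas $g$ is neither monotone nor order-concave.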
In order to show that g is not order-concave, let / : {1,2} — )• {—00, id, 00} be 
defined by /(I) = id and 7(2) = 00. Then, g^^\xi,X2) = x\ for all xi,X2 e M. 
Hence, fdom(g'(^^) = K^. Obviously, g^^^lM^ is not order-concave. Therefore, g is 
not order-concave. 

Another example for a monotone and order-concave operator is the function
$h : \overline{\mathbb{R}}^2 \to \overline{\mathbb{R}}$ defined by



Although $h$ is an order-concave operator on $\overline{\mathbb{R}}^2$, it is not upward-chain-continuous,
since, for $C = \{(0, i) \mid i \in \mathbb{R}\}$, we have $h(\bigvee C) = h(0, \infty) = 1 > 0 = \bigvee \{0\} = \bigvee h(C)$.
We study different classes of monotone and order-concave functions in



A mapping $f : \overline{\mathbb{R}}^n \to \overline{\mathbb{R}}^m$ is called (order-)concave if and only if $f_{i\cdot}$ is
(order-)concave for all $i \in \{1, \ldots, m\}$. A mapping $f : \overline{\mathbb{R}}^n \to \overline{\mathbb{R}}^m$ is called (order-)convex
if and only if $-f$ is (order-)concave.

One property we expect from the set of all order-concave functions from $\overline{\mathbb{R}}^n$
in $\overline{\mathbb{R}}^m$ is that it is closed under the point-wise infimum operation. This is indeed
the case:

Lemma 10. Let be a set of (order-) concave functions from M" in M™. The 
function g : M. W defined by g{x) := /\{f{x) \ f G for all x G M is 
( order- )concave. 

Proof. The statement can be proven straightforwardly. Note that g{x) = (00, . . . , 
00) for all a; G M if = 0. In this case, g is concave. □ 

Monotone and order-concave functions play a central role in the remainder of 
this article. For the sake of simplicity, we give names to important classes of 
monotone and order-concave functions: 

Definition 2 (Morcave, Mcave, Cmorcave, and Cmcave Functions). A 

mapping / : R ^ R is called morcavei/ and only if it is monotone and order- 
concave. It is called mcavei/ and only if it is monotone and concave. It is called 
cmorcave ('resjj. cmcav^ if and only if it is morcave (resp. mcave) and /|.^^ is 
upward- chain- continuous on {x G R" | fi^\x) > —00} for all I : {1, . . . ,n} ^ 
{— 00, \<i, 00} and all i G {1, ... ,n}. □ 






(11) 



the remainder of this article. 



□ 
Fig. 1. Graph of a morcave operator $f : \overline{\mathbb{R}} \to \overline{\mathbb{R}}$.
Example 8. Figure 1 shows the graph of a morcave function $f : \overline{\mathbb{R}} \to \overline{\mathbb{R}}$. □

An important cmcave operator for our applications is the operator $\wedge$ on $\overline{\mathbb{R}}^n$:

Lemma 11. The operator $\vee$ on $\overline{\mathbb{R}}^n$ is monotone and convex, but not order-concave.
The operator $\wedge$ on $\overline{\mathbb{R}}^n$ is cmcave, but not order-convex. □

Next, we extend the definition of affine functions from $\mathbb{R}^n \to \mathbb{R}^m$ to a definition
of affine functions from $\overline{\mathbb{R}}^n \to \overline{\mathbb{R}}^m$.

Definition 3 (Affine Functions). A function f : M" is called affine if 

and only if there exist some A G R^x" and some b G M™ such that f{x) = Ax-\-b 
for all X G M" . A function / : M — ^ M is called affine if and only if there exist 
some A G K™^" and some 6 G K"" such that f{x) = Ax -{-b for all x G M". □ 

In the above definition and throughout this article, we use the convention that
$-\infty + \infty = -\infty$. Observe that an affine function $f$ with $f(x) = Ax + b$ is
monotone, whenever all entries of the matrix $A$ are non-negative.

Lemma 12. Every affine function $f : \mathbb{R}^n \to \mathbb{R}^m$ is concave and convex. Every
monotone and affine function $f : \overline{\mathbb{R}}^n \to \overline{\mathbb{R}}^m$ is cmcave. □

In contrast to the class of monotone and order-concave operators on $\mathbb{R}^n$, the class
of morcave operators on $\overline{\mathbb{R}}^n$ is not closed under functional composition, as the
following example shows:

Example 9. We consider the functions / : M — > R and g : M — > M defined by 

„/ N (O if a; = — oo , , \ —oo if a; < ^ „ — , , 
f{^)--={, ^ 9{x):={^ forallxGM. (12) 

1 it a; > — oo if a; > 
The functions $f$ and $g$ are both morcave, even cmcave. However, observe that

{fog){x) = f{g{x)):=r ![ ^ [J for all x e S. (13) 

II it a; > 

Then, f o g is monotone, but not order-concave. □ 

As we will see, the composition f o g of two morcave operators / and g is again 
morcave, if / is additionally strict in the following sense: a function / : M -^M. 
is called strict if and only if f{x) = —oo for all x e M with x^. = — oo for some 
fee {l,...,n}. 

Lemma 13. Let / : M — > M and g : M. — > M be morcave. Assume addition- 
ally that f is strict. Then f o g is morcave. 

Proof. Since / and g are monotone, f o g is also monotone. In order to show that 
f o g is order-concave, let / : {1, . . . ,n} — !• {— oo, id,oo} and h :— {f o gY^\ 

1. The set fdom(/i) is order-convex by Lemmajoj since h is monotone. 

2. Let cc, 2/ € fdom(/i) with a; < y, A € [0, 1], and z := Xx -\- {\ — \)y. Moreover, 
let x' := g^^\x), y' := g^^\y), and z' := g^^\z). The strictness of / imphes 
that z' \> (— oo, . . . , — oo). Since g'^^ is monotone, we get x' < y' . We define 
I' : {1, . . . , m} {— oo, id, oo} by 

/'(fc)^/''' '^^k-^^ foranfce{l,...,m}. 

I oo if z^. = oo 

We get: 

h{z)^fig('Hz)) 

>/(^')(AgW(a;) + (l-A)g(^)(y)) 

(Monotonicity, Order-Concavity) 

= /(^')(Ax' + (l-A)y') 

> \f''\x') + (1 - X)f^''\y') (Order-Concavity) 
= A/(^')(,gW(.T)) + (l-A)/(^')(5(^)(y)) 

> A/(ff(^)(a;)) + (1 - \)f{g^'\y)) (/ < J^^'^) 
= \h{x) + (1 - \)h{y) 

Hence, /i|fdom(/i) is order-concave. 

3. Now, assume that fdom(ft,) ^ 0. That is, there exists some y E M" with 
Hy) = fig^^Hv)) € K. Since / is strict, we get y' := g^^^ (?/)l> (— oo, . . . , — oo). 
Let /' : {1, . . . , m} — > {— oo, id, oo} be defined by 

/'(fc)^l'^ ^^^^-^"^ foranfce{l,...,m}. 
oo if y^.. = oo 
Since g is order-concave, we get g^.. {x) < oo for all x £ M" and all k G 
{1, . . . , m} with y^. e M. Since / is order-concave, we get /^^ ^(x) < oo for 
all X S M". Thus, by monotonicity, we get f^^ ^og^^^x) = /(^ ''{g^-^^x)) < oo 
for all X gR". Since we have h = (/o g)^^) < /(^ ^ o g(^) by construction, we 
get h{x) < oo for all x e M". □ 

4 Solving Systems of $\vee$-morcave Equations

In this section, we present our $\vee$-strategy improvement algorithm for computing
least solutions of systems of $\vee$-morcave equations and prove its correctness.

4.1 Systems of $\vee$-morcave Equations

Assume that a fixed finite set $\mathbf{X}$ of variables and a complete linearly ordered set
$D$ is given. Assume that $D$ is partially ordered by $\leq$. We consider equations of
the form $\mathbf{x} = e$ over $D$, where $\mathbf{x} \in \mathbf{X}$ is a variable and $e$ is an expression over $D$.
A system $\mathcal{E}$ of (fixpoint-)equations over $D$ is a finite set $\{\mathbf{x}_1 = e_1, \ldots, \mathbf{x}_n = e_n\}$
of equations, where $\mathbf{x}_1, \ldots, \mathbf{x}_n$ are pairwise distinct variables. We denote the set
$\{\mathbf{x}_1, \ldots, \mathbf{x}_n\}$ of variables occurring in $\mathcal{E}$ by $\mathbf{X}_{\mathcal{E}}$. We drop the subscript, whenever
it is clear from the context.

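For a variable assignment $\rho : \mathbf{X} \to D$, an expression $e$ is mapped to a value
$[\![e]\!]\rho$ by setting $[\![\mathbf{x}]\!]\rho := \rho(\mathbf{x})$, and $[\![f(e_1, \ldots, e_k)]\!]\rho := f([\![e_1]\!]\rho, \ldots, [\![e_k]\!]\rho)$, where
$\mathbf{x} \in \mathbf{X}$, $f$ is a $k$-ary operator ($k = 0$ is possible; then $f$ is a constant), for instance
$+$, and $e_1, \ldots, e_k$ are expressions. For every system $\mathcal{E}$ of equations, we define the
unary operator $[\![\mathcal{E}]\!]$ on $\mathbf{X} \to D$ by setting $([\![\mathcal{E}]\!]\rho)(\mathbf{x}) := [\![e]\!]\rho$ for all equations
$\mathbf{x} = e$ from $\mathcal{E}$ and all $\rho : \mathbf{X} \to D$. A solution is a fixpoint of $[\![\mathcal{E}]\!]$, i.e., it is a
variable assignment $\rho$ such that $\rho = [\![\mathcal{E}]\!]\rho$. We denote the set of all solutions of
$\mathcal{E}$ by $\mathrm{Sol}(\mathcal{E})$.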

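The set $\mathbf{X} \to D$ of all variable assignments is a complete lattice. For $\rho, \rho' : \mathbf{X} \to D$,
we write $\rho \lhd \rho'$ (resp. $\rho \rhd \rho'$) if and only if $\rho(\mathbf{x}) < \rho'(\mathbf{x})$ (resp. $\rho(\mathbf{x}) > \rho'(\mathbf{x})$)
for all $\mathbf{x} \in \mathbf{X}$. For $d \in D$, $\underline{d}$ denotes the variable assignment $\{\mathbf{x} \mapsto d \mid \mathbf{x} \in \mathbf{X}\}$.
A variable assignment $\rho$ with $\bot \lhd \rho \lhd \top$ is called finite. A pre-solution (resp.
post-solution) is a variable assignment $\rho$ such that $\rho \leq [\![\mathcal{E}]\!]\rho$ (resp. $\rho \geq [\![\mathcal{E}]\!]\rho$)
holds. The set of pre-solutions (resp. the set of post-solutions) is denoted by
$\mathrm{PreSol}(\mathcal{E})$ (resp. $\mathrm{PostSol}(\mathcal{E})$). The least solution (resp. the greatest solution)
of a system $\mathcal{E}$ of equations is denoted by $\mu[\![\mathcal{E}]\!]$ (resp. $\nu[\![\mathcal{E}]\!]$), provided that it
exists. For a pre-solution $\rho$ (resp. for a post-solution $\rho$), $\mu_{\geq \rho}[\![\mathcal{E}]\!]$ (resp. $\nu_{\leq \rho}[\![\mathcal{E}]\!]$)
denotes the least solution that is greater than or equal to $\rho$ (resp. the greatest
solution that is less than or equal to $\rho$).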

An expression $e$ (resp. a (fixpoint-)equation $\mathbf{x} = e$) is called monotone if and
only if $[\![e]\!]$ is monotone. In our setting, the fixpoint theorem of Knaster/Tarski
can be stated as follows: every system $\mathcal{E}$ of monotone fixpoint equations over a
complete lattice has a least solution and a greatest solution. Furthermore,
we have $\mu[\![\mathcal{E}]\!] = \bigwedge \mathrm{PostSol}(\mathcal{E})$ and $\nu[\![\mathcal{E}]\!] = \bigvee \mathrm{PreSol}(\mathcal{E})$.
Definition 4 ($\vee$-morcave Equations). An expression $e$ (resp. fixpoint equation
$\mathbf{x} = e$) over $\overline{\mathbb{R}}$ is called morcave (resp. cmorcave, resp. mcave, resp. cmcave)
if and only if $[\![e]\!]$ is morcave (resp. cmorcave, resp. mcave, resp. cmcave). An
expression $e$ (resp. fixpoint equation $\mathbf{x} = e$) over $\overline{\mathbb{R}}$ is called $\vee$-morcave (resp.
$\vee$-cmorcave, resp. $\vee$-mcave, resp. $\vee$-cmcave) if and only if $e = e_1 \vee \cdots \vee e_k$, where
$e_1, \ldots, e_k$ are morcave (resp. cmorcave, resp. mcave, resp. cmcave). □

Example 10. The square root operator \A : M — > M (defined by :— sup {y G 
M I < a;} for all a; € M) is cmcave. The least solution of the system £ = {x = 
I V -v/x} of V-cmcave equations is = 1. □ 

Definition 5 ($\vee$-strategies). A $\vee$-strategy $\sigma$ for a system $\mathcal{E}$ of equations is
a function that maps every expression $e_1 \vee \cdots \vee e_k$ occurring in $\mathcal{E}$ to one of
the immediate sub-expressions $e_j$, $j \in \{1, \ldots, k\}$. We denote the set of all
$\vee$-strategies for $\mathcal{E}$ by $\Sigma_{\mathcal{E}}$. We drop the subscript, whenever it is clear from the
context. The application $\mathcal{E}(\sigma)$ of $\sigma$ to $\mathcal{E}$ is defined by
$\mathcal{E}(\sigma) := \{\mathbf{x} = \sigma(e) \mid \mathbf{x} = e \in \mathcal{E}\}$.



Example 11. The t wo V -strategies cri, 02 for the system £ of V-cmcave equations 
defined in Example 10 lead to the systems £{cri) = {x = \} and f (o'2) = {x = 
•\/x} of cmcave equations. □ 



4.2 The Strategy Improvement Algorithm

We now present the $\vee$-strategy improvement algorithm in a general setting. That
is, we consider arbitrary systems of monotone equations over arbitrary complete
linearly ordered sets $D$. The algorithm iterates over $\vee$-strategies. It maintains a
current $\vee$-strategy $\sigma$ and a current approximate $\rho$ to the least solution. A
so-called $\vee$-strategy improvement operator is used to determine a next, improved
$\vee$-strategy $\sigma'$. Whether or not a $\vee$-strategy $\sigma'$ is an improvement of the current
$\vee$-strategy $\sigma$ may depend on the current approximate $\rho$:

Definition 6 (Improvements). Let $\mathcal{E}$ be a system of monotone equations over
a complete linearly ordered set. Let $\sigma, \sigma' \in \Sigma$ be $\vee$-strategies for $\mathcal{E}$ and $\rho$ be a
pre-solution of $\mathcal{E}(\sigma)$. The $\vee$-strategy $\sigma'$ is called an improvement of $\sigma$ w.r.t. $\rho$ if
and only if the following conditions are fulfilled:

1. If $\rho \notin \mathrm{Sol}(\mathcal{E})$, then $[\![\mathcal{E}(\sigma')]\!]\rho > \rho$.

2. For all expressions $e = e_1 \vee \cdots \vee e_k$ of $\mathcal{E}$ the following holds: If $\sigma'(e) \neq \sigma(e)$,
then $[\![\sigma'(e)]\!]\rho > [\![\sigma(e)]\!]\rho$.

A function $P_\vee$ that assigns an improvement of $\sigma$ w.r.t. $\rho$ to every pair $(\sigma, \rho)$,
where $\sigma$ is a $\vee$-strategy and $\rho$ is a pre-solution of $\mathcal{E}(\sigma)$, is called a $\vee$-strategy
improvement operator. If it is impossible to improve $\sigma$ w.r.t. $\rho$, then we
necessarily have $P_\vee(\sigma, \rho) = \sigma$. □
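Example 12. Consider the system $\mathcal{E} = \{\mathbf{x}_1 = \mathbf{x}_2 + 1 \wedge 0,\ \mathbf{x}_2 = -1 \vee \sqrt{\mathbf{x}_1}\}$ of
$\vee$-cmcave equations. Let $\sigma_1$ and $\sigma_2$ be the $\vee$-strategies for $\mathcal{E}$ such that

$\mathcal{E}(\sigma_1) = \{\mathbf{x}_1 = \mathbf{x}_2 + 1 \wedge 0,\ \mathbf{x}_2 = -1\}$, and
$\mathcal{E}(\sigma_2) = \{\mathbf{x}_1 = \mathbf{x}_2 + 1 \wedge 0,\ \mathbf{x}_2 = \sqrt{\mathbf{x}_1}\}$.

The variable assignment $\rho := \{\mathbf{x}_1 \mapsto 0,\ \mathbf{x}_2 \mapsto -1\}$ is a solution and thus also a
pre-solution of $\mathcal{E}(\sigma_1)$. The $\vee$-strategy $\sigma_2$ is an improvement of the $\vee$-strategy $\sigma_1$
w.r.t. $\rho$. □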

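We can now formulate the $\vee$-strategy improvement algorithm for computing
least solutions of systems of monotone equations over complete linearly ordered
sets. This algorithm is parameterized with a $\vee$-strategy improvement operator
$P_\vee$. The input is a system $\mathcal{E}$ of monotone equations over a complete linearly
ordered set, a $\vee$-strategy $\sigma_{\mathrm{init}}$ for $\mathcal{E}$, and a pre-solution $\rho_{\mathrm{init}}$ of $\mathcal{E}(\sigma_{\mathrm{init}})$. In order
to compute the least and not just some solution, we additionally require that
$\rho_{\mathrm{init}} \leq \mu[\![\mathcal{E}]\!]$ holds:

Algorithm 1 The $\vee$-Strategy Improvement Algorithm

Parameter: A $\vee$-strategy improvement operator $P_\vee$

Input    : - A system $\mathcal{E}$ of monotone equations over a complete linearly ordered set
           - A $\vee$-strategy $\sigma_{\mathrm{init}}$ for $\mathcal{E}$
           - A pre-solution $\rho_{\mathrm{init}}$ of $\mathcal{E}(\sigma_{\mathrm{init}})$ with $\rho_{\mathrm{init}} \leq \mu[\![\mathcal{E}]\!]$
Output   : The least solution $\mu[\![\mathcal{E}]\!]$ of $\mathcal{E}$

$\sigma \leftarrow \sigma_{\mathrm{init}}$;
$\rho \leftarrow \rho_{\mathrm{init}}$;

while ($\rho \notin \mathrm{Sol}(\mathcal{E})$) {
    $\sigma \leftarrow P_\vee(\sigma, \rho)$;
    $\rho \leftarrow \mu_{\geq \rho}[\![\mathcal{E}(\sigma)]\!]$;
}

return $\rho$;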



Example 13. We consider the system 

5 = {x = -oovivV5^v| + y'x-g} (14) 

of V-cmorcave equations. We start with the V-strategy ctq that leads to the 
system 

£{ao) = {x = -oo} (15) 

of cmorcave equations. Then po '■= — oo is a feasible solution of £{aQ). Since 
Po ^ Sol(f ), we improve cto w.r.t. po to the V-strategy ai that gives us 
Then, pi Ai>pjcril = {x i-> \}. Since \l \ > \ an<^ I + \l \ - < \ hold, 
we improve the strategy oi w.r.t. pi to the V-strategy (T2 with 

£{(T2) = {x = \/x}. 



We get p2 A^>pJ(T2l = {x ^ 1}. Since | + ,^1 - g > | + ^1 - || = | > 1, 

we get CTs = {x = I + y^x- ||}. Finally we get := ^>p2 [[(73] = {x i-^ 2}. The 
algorithm terminates, because p3 solves f . Therefore, pa = p|i^^]- □ 

In the following lemma, we collect basic properties that can be proven
straightforwardly by induction:

Lemma 14. Let $\mathcal{E}$ be a system of monotone equations over a complete linearly
ordered set. For all $i \in \mathbb{N}$, let $\rho_i$ be the value of the program variable $\rho$ and $\sigma_i$
be the value of the program variable $\sigma$ in the $\vee$-strategy improvement algorithm
(Algorithm 1) after the $i$-th evaluation of the loop-body. The following statements
hold for all $i \in \mathbb{N}$:

1. $\rho_i \leq \mu[\![\mathcal{E}]\!]$.

2. $\rho_i \in \mathrm{PreSol}(\mathcal{E}(\sigma_{i+1}))$.

3. If $\rho_i < \mu[\![\mathcal{E}]\!]$, then $\rho_{i+1} > \rho_i$.

4. If $\rho_i = \mu[\![\mathcal{E}]\!]$, then $\rho_{i+1} = \rho_i$.

If the execution of the $\vee$-strategy improvement algorithm terminates, then the
least solution $\mu[\![\mathcal{E}]\!]$ of $\mathcal{E}$ is computed. □

In the following, we apply our algorithm to solve systems of $\vee$-morcave equations.
In the next subsection, we show that our algorithm terminates in this case.
More precisely, it returns the least solution at the latest after considering every
$\vee$-strategy at most $|\mathbf{X}|$ times. We additionally provide an important characterization
of $\mu_{\geq \rho}[\![\mathcal{E}(\sigma)]\!]$ which allows us to compute it using convex optimization
techniques. Here, $\sigma$ are the $\vee$-strategies and $\rho$ are the pre-solutions $\rho$ of $\mathcal{E}(\sigma)$
that can be encountered during the execution of the algorithm.



4.3 Feasibility

In this subsection, we extend the notion of feasibility as defined in Definition 1.
We then show that feasibility is preserved during the execution of the $\vee$-strategy
improvement algorithm. In the next subsection, we finally make use of the
feasibility.

We denote by $\mathcal{E}[x_1/\mathbf{X}_1, \ldots, x_n/\mathbf{X}_n]$ the equation system that is obtained
from the equation system $\mathcal{E}$ by simultaneously replacing, for all $i \in \{1, \ldots, n\}$,
every occurrence of a variable from the set $\mathbf{X}_i$ in the right-hand sides of $\mathcal{E}$ by
the value $x_i$.
Definition 7 (Feasibility). Let £ be a system of morcave equations. A finite 
solution p of £ is called (f-)feasible if and only if p is a feasible fixpoint of |f ]. 
A pre-solution p of £ with l£ip \> — oo is called (f-)feasible if and only if p'\x.' 
is a feasible finite solution o/ f {x = e G f | x S X'}[cx)/(X \ X')], where 
p' := /i>p[[£] and X' := {x G X | p'{x) < oo}. A pre-solution p of £ is called 
feasible if and only if e ~ — oo for all x = e Cz £ with Je]p = — oo, and p|x' 
is a feasible pre-solution o/ := {x = e € f | x G X'}[— oo/(X \ X')], where 
X' ;= {x I X = e e Ie]p > -oo}. □ 

Example 14- We consider the system £ =_|x = ^/x} of mcave equations. For all 
a; G M, let x := {x i— x}. From Example 111 we know that the solution is not 
feasible, whereas the solution 1 is feasible. Thus, x is a feasible pre-solution for 
all X e (0, 1]. Note that 1 is the only feasible finite solution of £ and thus, by 
Lemma |8] the greatest finite pre-solution oi £. □ 

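Example 15. Let us consider the system $\mathcal{E} = \{\mathbf{x}_1 = \mathbf{x}_2 + 1 \wedge 0,\ \mathbf{x}_2 = \sqrt{\mathbf{x}_1}\}$ of
mcave equations. From Example 6 it follows that $\rho := \{\mathbf{x}_1 \mapsto 0,\ \mathbf{x}_2 \mapsto 0\}$ is a
feasible finite fixpoint of $[\![\mathcal{E}]\!]$. Thus, $\{\mathbf{x}_1 \mapsto 0,\ \mathbf{x}_2 \mapsto x\}$ is a feasible pre-solution
for all $x \in [-1, 0]$. The solution $\{\mathbf{x}_1 \mapsto -\infty,\ \mathbf{x}_2 \mapsto -\infty\}$ is not feasible, since the
right-hand sides evaluate to $-\infty$, although they are not $-\infty$. □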

The following two lemmas imply that our $\vee$-strategy improvement algorithm stays
in the feasible area, whenever it is started in the feasible area.

Lemma 15. Let $\mathcal{E}$ be a system of morcave equations and $\rho$ be a feasible
pre-solution of $\mathcal{E}$. Every pre-solution $\rho'$ of $\mathcal{E}$ with $\rho \leq \rho' \leq \mu_{\geq \rho}[\![\mathcal{E}]\!]$ is feasible.

Proof. The statement is an immediate consequence of the definition. □

Lemma 16. Let $\mathcal{E}$ be a system of $\vee$-morcave equations, $\sigma$ be a $\vee$-strategy for $\mathcal{E}$,
$\rho$ be a feasible solution of $\mathcal{E}(\sigma)$, and $\sigma'$ be an improvement of $\sigma$ w.r.t. $\rho$. Then $\rho$
is a feasible pre-solution of $\mathcal{E}(\sigma')$.

Proof. Let p* :— p,>p\£{G')\. We w.l.o.g. assume that — oo <] p* <l oo. Hence, 
p <\ oo. Let 

X°'^ := {x e X I p(x) > -oo}, and 
5°'^ := {x = e e £[a) \ x G X°'^}[-oo/(X \ X°'^)]. 

Hence, plx"" is a feasible finite solution of i.e., a feasible finite fixpoint of 
Therefore, there exist Xi U • • • U X*. = X°'^ with 

such that, for each j e {1, . . . , k}, there exists some pre-fixpoint p' of 4— 
p|xoid\x, with p' <l p|x, such that p>p,{l£°^'^\ ^ plxo'-^xx,) = pIx^-- 

Let X™P := {x e X I p*(x) > p(x)}, X^ := X^- \ X'^^p for all j G {1, . . . , k}, 
and X5,_|_-^ := X™p. Obviously, we have X'j^ U • • • U X'j,^j^ = X. It remains to show 
that the following properties are fulfilled: 
1 l^i'^'llP' I^C-^OLp* y' 

2. For each j e {1, . . . , + 1}, there exists some pre-fixpoint p' with p' < p* |x'. 
such that fi>p,{l£{a')l ^ p*|x\x;.) = P*\xr- 

In order to prove statement 1, let j G {1, . . . , fc}. We have to show that 

Since Xi U • • • U Xj A ^ X^+i U • • • U Xj., there exists some variable assign- 
ment p' : Xj-|_i U • • • U Xfc — !■ M with p' <l p|xj+i u--- u such that 

(r'1(p|xo.^®p'))lx,u...ux, -(r'1(p|xo.-))lx,u...ux,. (18) 
We define p" : X'^^^ U • • • U X',^^-^ ^ M by 

rp'(x) ifxex;.+iu...uxi. 

p"(x)= <^ p(x) if X e X'fc_^i and x € X°'^ for ah x G X^_^i U • • • U X'^+j. 

[ p* (x) - 1 if X e X;^,^! and X ^ X°''' 

By construction, we have p" <l p* Ix'^^ u- - u x^^^ ■ Hence, we get 

ilSia')} (p*)) Ixi u... u x^ > (If ('t')I (p* ® P")) Ixi u... u x^ (p* > P* ® p") 

>(r'1(p|xo.-®p'))lxiu...ux;. 

= (If°'1(p|xo"))lxiu...ux'. (because of ^) 

1 J 1 1 

= (If°'''l(p*lx'>w))|x;u--ux;. (because of Lcmma[7]) 
= (If('T')l(P*))lxiu...ux- 

Thus, (If (a')l(P*©P"))lx;u...ux'. = (If (a')l(p*))|xiu...ux'- This proves state- 
mcnt 1. 

In order to prove statement 2, let j € {1, . . . , fc -I- 1}. We distinguish 2 cases. 
Firstly, assume that j < k. Since plx"" is a feasible finite fixpoint of If°'''], 
there exists some pre-fixpoint p' with p' < pjx^ — P*|xj such that ^>p'(If °''^] 
Plx°i-i\x,) = pIx, = P*|x, - Using monotonicity, we get /x>p/(|£:°'''] ^ pIx-'-^xx,) 
= pIx, = pIx,. Hence, p'|x;. : X^- ^ M, p'|x^ <]p|x^ = p*|x;., and p>p,|^, (If""'! 
^ Plxoi^xxp = /^>p'lx'. (If (^')1 ^ P*lx\x^) = P*|x^.- This proves statement 
2 for j < k. Now, assume that j = k + 1. By definition of XJ^._|_-^, pIx'^.^^ <1 
P*|x'^^^- Moreover, we get immediately that p\x'^^^ is a pre-fixpoint of If (c')] ^ 
P*lx\xi^^, and p>p\^, (If (cr')l ^ P*lx\x;_,^,) = pIx',^^^- This proves statement 
2. □ 



Example 16. We continue Example 12. Obviously, $\rho = \{\mathbf{x}_1 \mapsto 0,\ \mathbf{x}_2 \mapsto -1\}$ is a
feasible solution of $\mathcal{E}(\sigma_1) = \{\mathbf{x}_1 = \mathbf{x}_2 + 1 \wedge 0,\ \mathbf{x}_2 = -1\}$. The $\vee$-strategy $\sigma_2$ is
an improvement of the $\vee$-strategy $\sigma_1$ w.r.t. $\rho$. By Lemma 16, $\rho$ is also a feasible
pre-solution of $\mathcal{E}(\sigma_2) = \{\mathbf{x}_1 = \mathbf{x}_2 + 1 \wedge 0,\ \mathbf{x}_2 = \sqrt{\mathbf{x}_1}\}$. The fact that $\rho$ is a feasible
pre-solution of $\mathcal{E}(\sigma_2)$ is also shown in Example 15. □



The above two lemmas ensure that our $\vee$-strategy improvement algorithm stays
in the feasible area, whenever it is started in the feasible area. In order to start in
the feasible area, we in the following simply assume w.l.o.g. that each equation
of $\mathcal{E}$ is of the form $\mathbf{x} = -\infty \vee e$. We say that such a system of fixpoint equations
is in standard form. Then, we start our $\vee$-strategy improvement algorithm with
a $\vee$-strategy $\sigma_{\mathrm{init}}$ such that $\mathcal{E}(\sigma_{\mathrm{init}}) = \{\mathbf{x} = -\infty \mid \mathbf{x} \in \mathbf{X}\}$. In consequence, $\underline{-\infty}$
is a feasible solution of $\mathcal{E}(\sigma_{\mathrm{init}})$. We get:

Lemma 17. Let $\mathcal{E}$ be a system of $\vee$-morcave equations. For all $i \in \mathbb{N}$, let $\rho_i$ be
the value of the program variable $\rho$ and $\sigma_i$ be the value of the program variable $\sigma$
in the $\vee$-strategy improvement algorithm (Algorithm 1) after the $i$-th evaluation
of the loop-body. Then, $\rho_i$ is a feasible pre-solution of $\mathcal{E}(\sigma_{i+1})$ for all $i \in \mathbb{N}$. □

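Example 17. We again consider the system
$\mathcal{E} = \{\mathbf{x}_1 = -\infty \vee \mathbf{x}_2 + 1 \wedge 0,\ \mathbf{x}_2 = -\infty \vee -1 \vee \sqrt{\mathbf{x}_1}\}$
of $\vee$-morcave equations introduced in Example 12. A run of
our $\vee$-strategy improvement algorithm gives us

$\mathcal{E}(\sigma_0) = \{\mathbf{x}_1 = -\infty,\ \mathbf{x}_2 = -\infty\}$    $\rho_0 = \{\mathbf{x}_1 \mapsto -\infty,\ \mathbf{x}_2 \mapsto -\infty\}$

$\mathcal{E}(\sigma_1) = \{\mathbf{x}_1 = -\infty,\ \mathbf{x}_2 = -1\}$    $\rho_1 = \{\mathbf{x}_1 \mapsto -\infty,\ \mathbf{x}_2 \mapsto -1\}$

$\mathcal{E}(\sigma_2) = \{\mathbf{x}_1 = \mathbf{x}_2 + 1 \wedge 0,\ \mathbf{x}_2 = -1\}$    $\rho_2 = \{\mathbf{x}_1 \mapsto 0,\ \mathbf{x}_2 \mapsto -1\}$

$\mathcal{E}(\sigma_3) = \{\mathbf{x}_1 = \mathbf{x}_2 + 1 \wedge 0,\ \mathbf{x}_2 = \sqrt{\mathbf{x}_1}\}$    $\rho_3 = \{\mathbf{x}_1 \mapsto 0,\ \mathbf{x}_2 \mapsto 0\}$

By Lemma 17, $\rho_i$ is a feasible pre-solution of $\mathcal{E}(\sigma_{i+1})$ for all $i \in \{0, 1, 2\}$. □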
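
The run in Example 17 can be reproduced mechanically. The following Python sketch is an added illustration, not code from the article: it runs the loop of Algorithm 1 on this one system, uses "switch to the maximizing disjunct when it is strictly better" as the improvement operator, and, as an assumption that holds for this example, computes the least solution above the current approximate by Kleene iteration instead of the convex optimization developed in Section 4.4. All function and variable names are hypothetical.

```python
import math

NEG_INF = -math.inf


def ext_sqrt(x):
    """Square root on the extended reals: sup{y in R | y*y <= x}, so -inf for x < 0."""
    return NEG_INF if x < 0 else math.sqrt(x)  # math.sqrt(inf) == inf


# System of Example 17 in standard form (every right-hand side starts with -inf):
#   x1 = -inf  v  (x2 + 1) ^ 0
#   x2 = -inf  v  -1  v  sqrt(x1)
# Each right-hand side is a list of (label, function of the assignment) disjuncts.
SYSTEM = {
    "x1": [("-inf", lambda r: NEG_INF),
           ("x2+1 ^ 0", lambda r: min(r["x2"] + 1, 0.0))],
    "x2": [("-inf", lambda r: NEG_INF),
           ("-1", lambda r: -1.0),
           ("sqrt(x1)", lambda r: ext_sqrt(r["x1"]))],
}


def apply_strategy(system, sigma, rho):
    """One application of the operator of E(sigma) to the assignment rho."""
    return {x: system[x][sigma[x]][1](rho) for x in system}


def is_solution(system, rho):
    """rho solves E iff every variable equals the maximum of its disjuncts."""
    return all(rho[x] == max(f(rho) for _, f in system[x]) for x in system)


def improve(system, sigma, rho):
    """Improvement operator: change a choice only if the new disjunct is strictly
    larger under rho (condition 2 of Definition 6)."""
    new_sigma = dict(sigma)
    for x, disjuncts in system.items():
        values = [f(rho) for _, f in disjuncts]
        best = max(range(len(values)), key=values.__getitem__)
        if values[best] > values[sigma[x]]:
            new_sigma[x] = best
    return new_sigma


def least_solution_above(system, sigma, rho, max_steps=1000):
    """Least solution of E(sigma) above the pre-solution rho.

    Assumption of this sketch: Kleene iteration from rho stabilises after
    finitely many steps, which is true for Example 17 but not in general.
    """
    for _ in range(max_steps):
        nxt = apply_strategy(system, sigma, rho)
        if nxt == rho:
            return rho
        rho = nxt
    raise RuntimeError("Kleene iteration did not stabilise within max_steps")


def strategy_improvement(system):
    """Algorithm 1, started with sigma_init selecting -inf everywhere."""
    sigma = {x: 0 for x in system}
    rho = {x: NEG_INF for x in system}
    trace = [(dict(sigma), dict(rho))]
    while not is_solution(system, rho):
        sigma = improve(system, sigma, rho)
        rho = least_solution_above(system, sigma, rho)
        trace.append((dict(sigma), dict(rho)))
    return rho, trace


if __name__ == "__main__":
    result, steps = strategy_improvement(SYSTEM)
    for i, (sigma, rho) in enumerate(steps):
        chosen = {x: SYSTEM[x][j][0] for x, j in sigma.items()}
        print(f"sigma_{i} = {chosen}   rho_{i} = {rho}")
```

The printed trace lists the four strategies and approximates of the example in order; the iteration cap in `least_solution_above` is where a general implementation would have to replace Kleene iteration.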



4.4 Evaluating $\vee$-Strategies / Solving Systems of Morcave
Equations

It remains to develop a method for computing $\mu_{\geq \rho}[\![\mathcal{E}]\!]$ under the assumption
that $\rho$ is a feasible pre-solution of the system $\mathcal{E}$ of morcave equations. This is an
important step in our $\vee$-strategy improvement algorithm (Algorithm 1). Before
doing this, we introduce the following notation for the sake of simplicity:

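Definition 8. Let $\mathcal{E}$ be a system of morcave equations and $\rho$ a pre-solution of
$\mathcal{E}$. Let

$\mathbf{X}_\rho^{-\infty} := \{\mathbf{x} \mid \mathbf{x} = e \in \mathcal{E},\ [\![e]\!]\rho = -\infty\}$ (19)
$\mathbf{X}_\rho^{\infty} := \{\mathbf{x} \mid \mathbf{x} = e \in \mathcal{E},\ [\![e]\!]\rho = \infty\}$ (20)
$\mathbf{X}'_\rho := \mathbf{X} \setminus (\mathbf{X}_\rho^{-\infty} \cup \mathbf{X}_\rho^{\infty}) = \{\mathbf{x} \mid \mathbf{x} = e \in \mathcal{E},\ [\![e]\!]\rho \in \mathbb{R}\}$ (21)
$\mathcal{E}'_\rho := \{\mathbf{x} = e \in \mathcal{E} \mid \mathbf{x} \in \mathbf{X}'_\rho\}[-\infty/\mathbf{X}_\rho^{-\infty},\ \infty/\mathbf{X}_\rho^{\infty}]$ (22)

The pre-solution $\mathrm{suppresol}_\rho[\![\mathcal{E}]\!]$ of $\mathcal{E}$ is defined by

$\mathrm{suppresol}_\rho[\![\mathcal{E}]\!](\mathbf{x}) := \begin{cases} -\infty & \text{if } \mathbf{x} \in \mathbf{X}_\rho^{-\infty} \\ \sup \{\hat{\rho}(\mathbf{x}) \mid \hat{\rho} : \mathbf{X}'_\rho \to \mathbb{R},\ \hat{\rho} \leq [\![\mathcal{E}'_\rho]\!]\hat{\rho}\} & \text{if } \mathbf{x} \in \mathbf{X}'_\rho \\ \infty & \text{if } \mathbf{x} \in \mathbf{X}_\rho^{\infty} \end{cases}$ (23)

for all $\mathbf{x} \in \mathbf{X}$. □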

Remark 1. The variable assignment $\mathrm{suppresol}_\rho[\![\mathcal{E}]\!]$ is by construction a
pre-solution of $\mathcal{E}$, but, as we will see in Example 18, not necessarily a solution
of $\mathcal{E}$. □

Under some constraints, we can compute $\mathrm{suppresol}_\rho[\![\mathcal{E}]\!]$ by solving $|\mathbf{X}|$ convex
optimization problems of linear size. This can be done by general convex
optimization methods. For further information on convex optimization, we refer, for
instance, to Nemirovski [13].

Lemma 18. Let $\mathcal{E}$ be a system of mcave equations and $\rho$ a pre-solution of $\mathcal{E}$.
Then, the pre-solution $\mathrm{suppresol}_\rho[\![\mathcal{E}]\!]$ of $\mathcal{E}$ can be computed by solving at most $|\mathbf{X}|$
convex optimization problems.

Proof. Let X^°°, X^, X^, and £'p be defined as in Definition |8] We have to 
compute suppresolp|f ](x) = sup {p(x) | p : X^ — ^ M, /5 < |f ]/5} = sup {p(x) | 
p : X^ ^ M, (id - l£'l)p < 0} for all x e X^. Here, id denotes the identity 
function. Therefore, since id is affine, is concave (considered as a function 
that maps values from X^ — > M to values from X^ — 7> (M U {— oo}), and thus 
— ]/5 is convex (considered as a function that maps values from X^ ^ M to 
values from Xp — >■ (MU{oo}), the mathematical optimization problem sup {/o(x) | 
p : 'X.'p — >■ K, (id — |f ])/5 < 0} is a convex optimization problem. □ 

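We will use $\mathrm{suppresol}_\rho[\![\mathcal{E}]\!]$ iteratively to compute $\mu_{\geq \rho}[\![\mathcal{E}]\!]$ under the assumption
that $\rho$ is a feasible pre-solution of the system $\mathcal{E}$ of morcave equations. As a first
step in this direction, we prove the following lemma, which gives us at least
a method for computing $\mu_{\geq \rho}[\![\mathcal{E}]\!]$ under the assumption that $\mathcal{E}$ is a system of
cmorcave equations.

Lemma 19. Let $\mathcal{E}$ be a system of morcave equations and $\rho$ a feasible pre-solution
of $\mathcal{E}$. Let $\mathbf{X}_\rho^{-\infty}$, $\mathbf{X}'_\rho$, and $\mathbf{X}_\rho^{\infty}$ be defined as in Definition 8. Then:

$\mu_{\geq \rho}[\![\mathcal{E}]\!](\mathbf{x}) = \mathrm{suppresol}_\rho[\![\mathcal{E}]\!](\mathbf{x}) = -\infty$ for all $\mathbf{x} \in \mathbf{X}_\rho^{-\infty}$ (24)

$\mu_{\geq \rho}[\![\mathcal{E}]\!](\mathbf{x}) \geq \mathrm{suppresol}_\rho[\![\mathcal{E}]\!](\mathbf{x})$ for all $\mathbf{x} \in \mathbf{X}'_\rho$ (25)

$\mu_{\geq \rho}[\![\mathcal{E}]\!](\mathbf{x}) = \mathrm{suppresol}_\rho[\![\mathcal{E}]\!](\mathbf{x}) = \infty$ for all $\mathbf{x} \in \mathbf{X}_\rho^{\infty}$ (26)

If $\mathcal{E}$ is a system of cmorcave equations, then the inequality in (25) is in fact an
equality, i.e., we have

$\mu_{\geq \rho}[\![\mathcal{E}]\!] = \mathrm{suppresol}_\rho[\![\mathcal{E}]\!]$. (27)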
Proof. Let S'^ be defined as in Definition [s] ([22| . We first prove ([24]) - ([26]). Let 
X £ X. If X e X^°° U X^, tlien tlie statement is obviously fulfilled, because p 
is feasible and thus e ~ — oo for all equations x = e from £ with |e]p = — oo. 



This gives us ([24]) and (26|. Assume now that x e X'. Let p' :— pjx' and 



p* := ^>p'[[^^pl- We have to show that 

p*(x) > sup {p(x) \p:X'p^R, p< lE'pjp}. (28) 

If p*(x) = oo, there is nothing to prove. Therefore, assume that p*(x) < oo. 
Then p*(x) e M. Let X^' := {x" e X^ | p*(x") < oo}. Then, X^' = {x" e X^ | 
p*(x") e M}. Let := {x" = e € £; | x" e X;'}[^/(X;,\X;')], and p" := p|x;,'. 
The pre-solution p" off" is feasible. Hence, p*|x" is a feasible finite pre-solution 



of £p, i.e., a feasible finite fixpoint of Therefore, we finally get (25) using 

Lemma |8l 



Before we actually prove (27 1, we start with an easy observation. The se- 
quence (|fp]'^p')fegN is increasing, because p' is a pre-solution of S'p. Further 
: X;, ^ M and fS'^j'^p' < IS'pUlS'pf p') for aU fc e N. Hence, we get 

sup {p(x) \p:X'p^R, p< lE'pjp} > sup {{IS'^f p'){^) \keN} (29) 



Now, assume that £" is a system of cmorcave equations. In order to prove (27), 
it remains to show that p*(x) < sup {/5(x) | /5 : X^ ^ M, p < lE'plp}. Since [f^J 
is monotone and upward-chain-continuous on {p : X^ — !■ M | p > p'}, we have 



p* = yqS'pfp' I fc e N}. Using ([29]), this gives us p*(x) < sup {p(x) | p : X; 



P ^ Kl/Sji as desired. □ 



If the equations are morcave but not cmorcave, then the inequality in (25) can 
indeed be strict as the following example shows. 

Example 18. Let us consider the following system $\mathcal{E}$ of morcave equations:

$\mathbf{x}_1 = 1 \qquad \mathbf{x}_2 = \mathbf{x}_1 + \mathbf{x}_2 \qquad \mathbf{x}_3 = \begin{cases} 0 & \text{if } \mathbf{x}_2 < \infty \\ 1 & \text{if } \mathbf{x}_2 = \infty \end{cases}$ (30)

Observe that the third equation is not cmorcave, since, for the ascending chain
$C = \{\{\mathbf{x}_2 \mapsto k\} \mid k \in \mathbb{N}\}$, we have $\bigvee \{[\![e]\!]\rho \mid \rho \in C\} = 0 < 1 = [\![e]\!](\bigvee C)$, where $e$
denotes the right-hand side of the third equation. The variable assignment

$\rho := \{\mathbf{x}_1 \mapsto 0,\ \mathbf{x}_2 \mapsto 0,\ \mathbf{x}_3 \mapsto 0\}$ (31)

is a feasible pre-solution, since

$\rho^* := \mu_{\geq \rho}[\![\mathcal{E}]\!] = \{\mathbf{x}_1 \mapsto 1,\ \mathbf{x}_2 \mapsto \infty,\ \mathbf{x}_3 \mapsto 1\}$ (32)

is a feasible solution of $\mathcal{E}$. Now, let the variable assignment $\rho_1$ be defined by

$\rho_1 := \mathrm{suppresol}_\rho[\![\mathcal{E}]\!]$. (33)

Lemma 19 gives us $\rho_1 \leq \rho^*$, but not $\rho_1 = \rho^*$. Indeed, we have

$\rho_1 = \{\mathbf{x}_1 \mapsto 1,\ \mathbf{x}_2 \mapsto \infty,\ \mathbf{x}_3 \mapsto 0\} < \rho^*$. (34)

We emphasize that $\rho_1(\mathbf{x}_3) = 0$, because $[\![e]\!]\hat{\rho} = 0$ for all $\hat{\rho} : \mathbf{X} \to \mathbb{R}$, where $e$
denotes the right-hand side of the third equation of (30).

How we can actually compute $\rho^*$, remains an open question. The discontinuity
at $\mathbf{x}_2 = \infty$ is the reason for the strict inequality in (34). However, since
upward discontinuities can only be present at $\infty$, there are at most $n$ upward
discontinuities, where $n$ is the number of variables of the equation system. Hence,
we could think of using (33) to get over at least one discontinuity.

Let us perform a second iteration for the example. We know that $\rho_1 < \rho^*$.
Moreover, by definition, $\rho_1$ is also a feasible pre-solution of $\mathcal{E}$. For the variable
assignment $\rho_2$ that is defined by $\rho_2 := \mathrm{suppresol}_{\rho_1}[\![\mathcal{E}]\!]$ we obviously have $\rho^* = \rho_2$.
We will see that this method can always be applied. More precisely, we can
always compute $\rho^*$ after performing at most $n$ such iterations. □

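In order to deal not only with systems of cmorcave equations, but also with systems of morcave equations, we use Lemma 19 iteratively until we reach a solution. That is, we generalize the statement of Lemma 19 as follows:

Lemma 20. Let $\mathcal{E}$ be a system of morcave equations and $\rho$ a feasible pre-solution of $\mathcal{E}$. For all $i \in \mathbb{N}$, let $\mathrm{suppresol}^i_\rho[\![\mathcal{E}]\!]$ be defined by

$\mathrm{suppresol}^0_\rho[\![\mathcal{E}]\!] := \rho$ (35)
$\mathrm{suppresol}^{i+1}_\rho[\![\mathcal{E}]\!] := \mathrm{suppresol}_{\mathrm{suppresol}^i_\rho[\![\mathcal{E}]\!]}[\![\mathcal{E}]\!]$ for all $i \in \mathbb{N}$. (36)

Then, the following statements hold:

1. $(\mathrm{suppresol}^i_\rho[\![\mathcal{E}]\!])_{i \in \mathbb{N}}$ is an increasing sequence of feasible pre-solutions of $\mathcal{E}$.

2. $\mathrm{suppresol}^i_\rho[\![\mathcal{E}]\!] \le \mu_{\geq\rho}[\![\mathcal{E}]\!]$ for all $i \in \mathbb{N}$.

3. $\mathrm{suppresol}^{|X|}_\rho[\![\mathcal{E}]\!] = \mu_{\geq\rho}[\![\mathcal{E}]\!]$.

4. $\mathrm{suppresol}_\rho[\![\mathcal{E}]\!] = \mu_{\geq\rho}[\![\mathcal{E}]\!]$, whenever $\mathcal{E}$ is a system of cmorcave equations.

Proof. The first two statements can be proven by induction on $i$ using Lemma 19. The third statement follows from the fact that, for any feasible pre-solution $\rho$ of a system $\mathcal{E}$ of morcave equations, $\mathrm{suppresol}_\rho[\![\mathcal{E}]\!] < \mu_{\geq\rho}[\![\mathcal{E}]\!]$ implies that there exists some variable $x \in X$ such that $\rho(x) < \infty$ and $\mathrm{suppresol}_\rho[\![\mathcal{E}]\!](x) = \infty$. The fourth statement is the second statement of Lemma 19. □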



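Example 19. For the situation in Example 18 we have $\mu_{\geq\rho}[\![\mathcal{E}]\!] = \mathrm{suppresol}^3_\rho[\![\mathcal{E}]\!] = \mathrm{suppresol}^2_\rho[\![\mathcal{E}]\!] > \mathrm{suppresol}^1_\rho[\![\mathcal{E}]\!] > \rho$. □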



Because of the definition of $\mathrm{suppresol}_\rho$ (see Definition [s]), Lemma 20 implies the following corollary:

Corollary 1. Let $\mathcal{E}$ be a system of morcave equations and $\rho$ a feasible pre-solution of $\mathcal{E}$. Then, the value $\mu_{\geq\rho}[\![\mathcal{E}]\!]$ only depends on $\mathcal{E}$ and X^ := $\{x \mid x = e \in \mathcal{E},\ [\![e]\!]\rho = \infty\}$. □
4.5 Termination

It remains to show that our $\vee$-strategy improvement algorithm (Algorithm 1) terminates. That is, we have to come up with an upper bound on the number of iterations of the loop. In each iteration, we have to compute $\mu_{\geq\rho}[\![\mathcal{E}(\sigma)]\!]$, where $\rho$ is a feasible pre-solution of $\mathcal{E}(\sigma)$. This has to be done until we have found a solution. By Corollary 1, $\mu_{\geq\rho}[\![\mathcal{E}(\sigma)]\!]$ only depends on the $\vee$-strategy $\sigma$ and the set := $\{x \mid x = e \in \mathcal{E}(\sigma),\ [\![e]\!]\rho = \infty\}$. During the run of our $\vee$-strategy improvement algorithm, the set monotonically increases. This implies that we have to consider each $\vee$-strategy $\sigma$ at most $|X|$ times. That is, the number of iterations of the loop is bounded from above by $|X| \cdot |\Sigma|$. Summarizing, we have shown our main theorem:

Theorem 1. Let $\mathcal{E}$ be a system of $\vee$-morcave equations in standard form. Our $\vee$-strategy improvement algorithm computes $\mu[\![\mathcal{E}]\!]$ and performs at most $|X| \cdot |\Sigma|$ $\vee$-strategy improvement steps. □

In our experiments, we did not observe the exponential worst-case behavior. All examples we know of require linearly many $\vee$-strategy improvement steps. We are also not aware of a class of examples where we would be able to observe the exponential worst-case behavior. Therefore, our conjecture is that for practical examples our algorithm terminates after linearly many iterations.



5 Parametrized Optimization Problems as Right-hand Sides

In the static program analysis application that we discuss in Section 6, the right-hand sides of the fixpoint equation systems we have to solve are maxima of finitely many parametrized optimization problems. In this special situation, we can evaluate $\vee$-strategies more efficiently than by solving general convex optimization problems as described in Section 4 (see Lemmas 18, 19 and 20). We provide an in-depth study of this special situation in this section.



5.1 Parametrized Optimization Problems 

We now consider the case that a system $\mathcal{E}$ of fixpoint equations is given, where the right-hand sides are parametrized optimization problems. In this article, we call an operator $g : \overline{\mathbb{R}}^n \to \overline{\mathbb{R}}$ a parametrized optimization problem if and only if

$g(x) = \sup\{f(y) \mid y \in Y(x_1, \ldots, x_n)\}$ for all $x \in \overline{\mathbb{R}}^n$, (37)

where $f : \mathbb{R}^k \to \mathbb{R}$ is an objective function, and $Y : \overline{\mathbb{R}}^n \to 2^{\mathbb{R}^k}$ is a mapping that assigns a set $Y(x) \subseteq \mathbb{R}^k$ of states to any vector of bounds $x \in \overline{\mathbb{R}}^n$. The parametrized optimization problem $g$ is monotone on $\overline{\mathbb{R}}^n$, whenever $Y$ is monotone on $\overline{\mathbb{R}}^n$. It is monotone on $\overline{\mathbb{R}}^n$ and upward chain continuous on $g^{-1}(\overline{\mathbb{R}} \setminus \{-\infty\})$ (*), whenever $f$ is continuous on $\mathbb{R}^k$ and $Y$ is monotone on $\overline{\mathbb{R}}^n$ and upward chain continuous on $Y^{-1}(2^{\mathbb{R}^k} \setminus \{\emptyset\})$ (**). In the following, we are concerned with the latter situation. A parametrized optimization problem $g$ that is monotone on $\overline{\mathbb{R}}^n$ and upward chain continuous on $g^{-1}(\overline{\mathbb{R}} \setminus \{-\infty\})$ is called upward chain continuous parametrized optimization problem.

Example 20. Assume that $Y$ and $f$ are given by

$Y(x) := \{y \in \mathbb{R}^k \mid Ay \le x\}$ for all $x \in \overline{\mathbb{R}}^n$, and (38)

$f(y) := b + c^\top y$ for all $y \in \mathbb{R}^k$, (39)

where $A \in \mathbb{R}^{n \times k}$, $b \in \mathbb{R}$, and $c \in \mathbb{R}^k$. Then, $g$ defined through Equation (37) is an upward chain continuous parametrized optimization problem. To be more precise, it is a parametrized linear programming problem (to be defined). Although this is also an interesting case (cf. Gawlitza and Seidl [5]), in the following, we mainly focus on the more general case where the right-hand sides are parametrized semi-definite programming problems (to be defined). In this example, the right-hand side is not only upward chain continuous, it is even cmcave. To be more precise, on the set of points where it returns a value greater than $-\infty$ it is a point-wise minimum of finitely many monotone and affine operators. □



5.2 Fixpoint Equations with Parametrized Optimization Problems 

Assume now that we have a system of fixpoint equations, where the right-hand sides are point-wise maxima of finitely many upward chain continuous parametrized optimization problems. If we use our $\vee$-strategy improvement algorithm to compute the least solution, then, for each $\vee$-strategy improvement step, we have to compute $\mu_{\geq\rho_0}[\![\mathcal{E}]\!]$ for a system $\mathcal{E}$ of fixpoint equations whose right-hand sides are upward chain continuous parametrized optimization problems, and $\rho_0$ is a pre-solution of $\mathcal{E}$. We study this case in the following:

Assume that $\mathcal{E}$ is a system of fixpoint equations, where the right-hand sides are upward chain continuous parametrized optimization problems. For simplicity and without loss of generality, we additionally assume that a variable assignment $\rho_0 : X \to \overline{\mathbb{R}}$ is given such that

$-\infty \lhd \rho_0 \le [\![\mathcal{E}]\!]\rho_0 \lhd \infty$. (40)

We are interested in computing the pre-solution $\mathrm{suppresol}_{\rho_0}[\![\mathcal{E}]\!]$ of $\mathcal{E}$. In the case at hand, this means that we need to compute $\rho^* : X \to \overline{\mathbb{R}}$ that is defined by

$\rho^*(x) := \sup\{\hat\rho(x) \mid \hat\rho : X \to \mathbb{R} \text{ and } \hat\rho \le [\![\mathcal{E}]\!]\hat\rho\}$ for all $x \in X$. (41)

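(*) A monotone function $g : \overline{\mathbb{R}}^n \to \overline{\mathbb{R}}$ is upward chain continuous on an upward closed set $X \subseteq \overline{\mathbb{R}}^n$ if and only if $g(\bigvee C) = \bigvee g(C)$ for all non-empty chains $C \subseteq X$.

(**) A monotone function $Y : \overline{\mathbb{R}}^n \to 2^{\mathbb{R}^k}$ is upward chain continuous on an upward closed set $X \subseteq \overline{\mathbb{R}}^n$ if and only if $Y(\bigvee C) = \bigcup Y(C)$ for all chains $C \subseteq X$.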
Algorithm EvalForMaxAtt. As a start, we firstly consider the case where all right-hand sides are upward chain continuous parametrized optimization problems of the form $\sup\{f(y) \mid y \in Y(x_1, \ldots, x_n)\}$, where

$\sup\{f(y) \mid y \in Y(x_1, \ldots, x_n)\} = \max\{f(y) \mid y \in Y(x_1, \ldots, x_n)\}$ (42)

for all $x_1, \ldots, x_n \in \overline{\mathbb{R}}$ with $-\infty < \sup\{f(y) \mid y \in Y(x_1, \ldots, x_n)\} < \infty$. We say that such a parametrized optimization problem attains its optimal value for all parameter values. Parametrized linear programming problems, for instance, are parametrized optimization problems that attain their optimal values for all parameter values. In the case at hand, the variable assignment $\rho^*$ can be characterized as follows:

$\rho^*(x) := \sup\{\hat\rho(x) \mid \hat\rho : X_{C(\mathcal{E})} \to \mathbb{R} \text{ and } \hat\rho \le [\![C(\mathcal{E})]\!]\hat\rho\}$ for all $x \in X$, (43)

where the constraint system $C(\mathcal{E})$ is obtained from $\mathcal{E}$ by replacing every equation

$x = \sup\{f(y) \mid y \in Y(x_1, \ldots, x_n)\}$ (44)

with the constraints

$x \le f(y_1, \ldots, y_k) \qquad (y_1, \ldots, y_k) \in Y(x_1, \ldots, x_n)$, (45)

where $y_1, \ldots, y_k$ are fresh variables.

As we will see in the remainder of this section, the above characterization enables us to compute $\rho^*$ using specialized convex optimization techniques. If, for instance, the right-hand sides are parametrized linear programming problems (to be defined), then we can compute $\rho^*$ through linear programming. Likewise, if the right-hand sides are parametrized semi-definite programming problems (to be defined), then we can compute $\rho^*$ through semi-definite programming.

Example 21. Let us consider the system $\mathcal{E}$ of equations that consists of the following equations:

$x_1 = \sup\{x_1' \in \mathbb{R} \mid x_1' \in \mathbb{R},\ x_1' \le 0\}$ (46)
$x_2 = \sup\{x_2'' \in \mathbb{R} \mid x_2', x_2'' \in \mathbb{R},\ 0 \le x_2' \le x_1,\ x_2'' \le 1\}$ (47)

We aim at computing the variable assignment $\rho^* : X \to \overline{\mathbb{R}}$ defined by

$\rho^*(x) := \sup\{\hat\rho(x) \mid \hat\rho : X \to \mathbb{R} \text{ and } \hat\rho \le [\![\mathcal{E}]\!]\hat\rho\}$ for all $x \in X$. (48)

All right-hand sides of the equations are upward continuous parametrized optimization problems that attain their optimal value for all parameter values. Hence, we can apply the above described method to compute $\rho^*$. If we do so, the system $C(\mathcal{E})$ of inequalities consists of the following inequalities:

$x_1 \le x_1' \qquad x_1' \le 0 \qquad x_2 \le x_2'' \qquad 0 \le x_2' \le x_1 \qquad x_2'' \le 1$. (49)

According to Equation (43), for all $i \in \{1, 2\}$, we thus have

$\rho^*(x_i) = \sup\{x_i \mid x_1, x_1', x_2, x_2', x_2'' \in \mathbb{R},$ (50)
$\qquad x_1 \le x_1',\ x_1' \le 0,\ x_2 \le x_2'',\ 0 \le x_2' \le x_1,\ x_2'' \le 1\}$ (51)

Observe that these optimization problems are actually linear programming problems. Solving these linear programming problems gives us, as desired, $\rho^* = \{x_1 \mapsto 0,\ x_2 \mapsto 1\}$. □

Algorithm EvalForGen. If we are not in the nice situation that all parametrized optimization problems attain their optimal values for all parameter values, then we have to apply a more sophisticated method to compute $\rho^*$. The following example, which is obtained from Example 21, illustrates the need for more sophisticated methods.

Example 22. We now slightly modify the fixpoint equation system $\mathcal{E}$ from Example 21 by replacing Equation (46) by the equation $x_1 = \sup\{x_1' \in \mathbb{R} \mid x_1' \in \mathbb{R},\ x_1' < 0\}$. That is, we are now concerned with strict inequality instead of non-strict inequality. In consequence, the parametrized optimization problem does not attain its optimal value for any parameter value. The fixpoint equation system $\mathcal{E}$ now consists of the following equations:

$x_1 = \sup\{x_1' \in \mathbb{R} \mid x_1' \in \mathbb{R},\ x_1' < 0\}$ (52)
$x_2 = \sup\{x_2'' \in \mathbb{R} \mid x_2', x_2'' \in \mathbb{R},\ 0 \le x_2' \le x_1,\ x_2'' \le 1\}$ (53)

This modification does not change the value of $\rho^*$ (defined by Equation (48)), since the right-hand side of the first equation still evaluates to 0. However, the system $C(\mathcal{E})$ of inequalities is now given by

$x_1 \le x_1' \qquad x_1' < 0 \qquad x_2 \le x_2'' \qquad 0 \le x_2' \le x_1 \qquad x_2'' \le 1$. (54)

Since the above inequalities imply $0 \le x_2' \le x_1 \le x_1' < 0$ and thus $0 < 0$, there is no solution to the above inequalities. Therefore, we cannot apply the methods we applied in Example 21 to compute $\rho^*$. □



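We now describe a more sophisticated method to compute $\rho^*$. For all variable assignments $\rho_0$ and $\rho$, we define the system $\mathcal{E}_{\rho_0,\rho}$ of equations as follows:

$\mathcal{E}_{\rho_0,\rho} := \{x = \rho_0(x) \mid x = e \in \mathcal{E} \text{ and } \rho_0(x) \ge [\![e]\!]\rho\}$
$\qquad \cup\ \{x = e \mid x = e \in \mathcal{E} \text{ and } \rho_0(x) < [\![e]\!]\rho\}$ (55)

That is, $\mathcal{E}_{\rho_0,\rho}$ contains all equations $x = e$ of $\mathcal{E}$ whose right-hand sides $e$ evaluate under $\rho$ to a value greater than $\rho_0(x)$. The other equations of $\mathcal{E}$ are replaced by $x = \rho_0(x)$. We again assume that $\rho_0$ is a variable assignment with $-\infty \lhd \rho_0 \le [\![\mathcal{E}]\!]\rho_0 \lhd \infty$. For all $k \in \mathbb{N}_{>0}$, we then define the variable assignment $\rho_k$ inductively by

$\rho_k(x) := \sup\{\hat\rho(x) \mid \hat\rho : X \to \mathbb{R} \text{ and } \hat\rho \le [\![\mathcal{E}_{\rho_0,\rho_{k-1}}]\!]\hat\rho\}$ for all $x \in X$. (56)

Now, $\rho^*$ is the limit of the sequence $(\rho_k)_{k \in \mathbb{N}}$ and the sequence reaches its limit after at most $|X|$ steps:

Lemma 21. The sequence $(\rho_k)_{k \in \mathbb{N}}$ of variable assignments is increasing, $\rho_k \le \rho^*$ for all $k \in \mathbb{N}$, $\rho_{k+1} > \rho_k$ if $\rho_k < \rho^*$, and $\rho_{|X|} = \rho^*$. Moreover, $\rho_k(x) = \sup\{\hat\rho(x) \mid \hat\rho : X_{C(\mathcal{E}_{\rho_0,\rho_{k-1}})} \to \mathbb{R} \text{ and } \hat\rho \le [\![C(\mathcal{E}_{\rho_0,\rho_{k-1}})]\!]\hat\rho\}$ for all $k \in \mathbb{N}_{>0}$ and all $x \in X$. □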

Example 23. Let us again consider the fixpoint equation system $\mathcal{E}$ from Example 22. We again aim at computing the variable assignment $\rho^* : X \to \overline{\mathbb{R}}$ that is defined by $\rho^*(x) := \sup\{\hat\rho(x) \mid \hat\rho : X \to \mathbb{R} \text{ and } \hat\rho \le [\![\mathcal{E}]\!]\hat\rho\}$ for all $x \in X$. Since $-\infty \lhd \rho_0 \le [\![\mathcal{E}]\!]\rho_0 \lhd \infty$ for $\rho_0 := \{x_1 \mapsto 0,\ x_2 \mapsto 0\}$, we can apply the method we just developed. The system $\mathcal{E}_{\rho_0,\rho_0}$ is given by

$x_1 = 0 \qquad x_2 = \sup\{x_2'' \in \mathbb{R} \mid x_2', x_2'' \in \mathbb{R},\ 0 \le x_2' \le x_1,\ x_2'' \le 1\}$ (57)

Therefore, the constraint system $C(\mathcal{E}_{\rho_0,\rho_0})$ is given by

$x_1 \le 0 \qquad x_2 \le x_2'' \qquad 0 \le x_2' \le x_1 \qquad x_2'' \le 1$ (58)

Solving the optimization problems that aim at maximizing $x_1$ and $x_2$, respectively, we get $\rho_1 = \{x_1 \mapsto 0,\ x_2 \mapsto 1\}$. We then construct the fixpoint equation system $\mathcal{E}_{\rho_0,\rho_1}$. The system $\mathcal{E}_{\rho_0,\rho_1}$ is equal to the system $\mathcal{E}_{\rho_0,\rho_0}$, and thus $C(\mathcal{E}_{\rho_0,\rho_1})$ is equal to the system $C(\mathcal{E}_{\rho_0,\rho_0})$. Therefore, we get $\rho^* = \rho_1$ by Lemma
□
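Examples 21 to 23 can be replayed mechanically on the same two equations. The following Python sketch is an added illustration, not code from the article: the brute-force vertex-enumeration LP solver, the tuple encoding of an equation, and the hand-written `value` functions that evaluate each right-hand side are assumptions made for this example.

```python
from fractions import Fraction
from itertools import combinations

INF = float("inf")

def solve_square(rows, rhs):
    """Solve a square linear system exactly; None if it is singular."""
    n = len(rows)
    m = [[Fraction(v) for v in r] + [Fraction(b)] for r, b in zip(rows, rhs)]
    for col in range(n):
        piv = next((r for r in range(col, n) if m[r][col] != 0), None)
        if piv is None:
            return None
        m[col], m[piv] = m[piv], m[col]
        m[col] = [v / m[col][col] for v in m[col]]
        for r in range(n):
            if r != col and m[r][col] != 0:
                f = m[r][col]
                m[r] = [a - f * b for a, b in zip(m[r], m[col])]
    return [row[n] for row in m]

def lp_max(names, cons, target):
    """Maximise `target` over the non-strict constraints by enumerating vertices.
    Brute force for toy systems only: assumes the polyhedron has a vertex and
    the objective is bounded. Returns None if no feasible vertex exists."""
    rows = [[co.get(v, 0) for v in names] for co, _, _ in cons]
    rhs = [b for _, b, _ in cons]
    best = None
    for idx in combinations(range(len(rows)), len(names)):
        x = solve_square([rows[i] for i in idx], [rhs[i] for i in idx])
        if x is not None and all(
                sum(a * v for a, v in zip(r, x)) <= b for r, b in zip(rows, rhs)):
            val = x[names.index(target)]
            best = val if best is None or val > best else best
    return best

def sup_presolution(names, cons, target):
    """sup of `target` over all finite assignments satisfying `cons`.
    A constraint is (coefficients, bound, strict). Strict rows are checked by
    maximising a slack t; if t cannot be positive the system has no solution."""
    if any(strict for _, _, strict in cons):
        slack = [({**co, "_t": 1} if s else co, b, False) for co, b, s in cons]
        slack.append(({"_t": 1}, 1, False))
        t = lp_max(names + ["_t"], slack, "_t")
        if t is None or t <= 0:
            return None
    return lp_max(names, cons, target)

def example(strict_first):
    """Equations (46)/(47) when strict_first is False, (52)/(53) when True.
    Each equation: (variable, fresh variables, its constraints in C(E),
    closed-form evaluation of the right-hand side under rho)."""
    eq1 = ("x1", ["x1p"],
           [({"x1": 1, "x1p": -1}, 0, False),      # x1 <= x1'
            ({"x1p": 1}, 0, strict_first)],        # x1' <= 0  or  x1' < 0
           lambda rho: 0)
    eq2 = ("x2", ["x2p", "x2pp"],
           [({"x2": 1, "x2pp": -1}, 0, False),     # x2 <= x2''
            ({"x2p": -1}, 0, False),               # 0 <= x2'
            ({"x2p": 1, "x1": -1}, 0, False),      # x2' <= x1
            ({"x2pp": 1}, 1, False)],              # x2'' <= 1
           lambda rho: 1 if rho["x1"] >= 0 else -INF)
    return [eq1, eq2]

def eval_for_max_att(eqs):
    """Characterisation (43): maximise every variable over C(E)."""
    names, cons = [], []
    for var, fresh, c, _ in eqs:
        names += [var] + fresh
        cons += c
    return {var: sup_presolution(names, cons, var) for var, *_ in eqs}

def eval_for_gen(eqs, rho0):
    """Iteration (56) over the systems E_{rho0, rho_{k-1}} of (55)."""
    rho = dict(rho0)
    for _ in range(len(eqs)):                      # Lemma 21: |X| rounds suffice
        names, cons = [], []
        for var, fresh, c, value in eqs:
            names.append(var)
            if rho0[var] < value(rho):             # keep the equation x = e
                names += fresh
                cons += c
            else:                                  # replace it by x = rho0(x)
                cons.append(({var: 1}, rho0[var], False))
        rho = {var: sup_presolution(names, cons, var) for var, *_ in eqs}
    return rho

if __name__ == "__main__":
    print(eval_for_max_att(example(False)))        # Example 21
    print(eval_for_max_att(example(True)))         # Example 22: C(E) infeasible
    print(eval_for_gen(example(True), {"x1": 0, "x2": 0}))   # Example 23
```

With the strict guard, the direct encoding returns no value for either variable because the slack cannot be made positive, while the iteration over $\mathcal{E}_{\rho_0,\rho}$ drops the strict row and recovers the same bounds as in Example 21.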



Algorithm EvalForCmorcave. In the static program analysis application we discuss in the next section, we have the comfortable situation that our right-hand sides are not only upward continuous parametrized optimization problems, but they are additionally cmcave. We can utilize this in order to simplify the above developed procedure EvalForGen. The following lemma is the key ingredient for this optimization:

Lemma 22. Let $\rho$ be a feasible pre-solution of a system $\mathcal{E}$ of cmorcave equations. For all $x \in X$, we have $\mu_{\geq\rho}[\![\mathcal{E}]\!](x) > \rho(x)$ if and only if $([\![\mathcal{E}]\!]^{|X|}\rho)(x) > \rho(x)$.

Proof (Sketch). Since $\rho$ is a feasible pre-solution of $\mathcal{E}$, we can w.l.o.g. assume that $[\![e]\!]\rho > -\infty$ for all equations $x = e$ of $\mathcal{E}$. Therefore, $[\![\mathcal{E}]\!]$ is upward chain continuous on $(X \to \overline{\mathbb{R}})_{\geq\rho}$. The statement finally follows from the fact that $[\![\mathcal{E}]\!]$ is additionally monotone and order-concave. □

Assume now that we want to use our $\vee$-strategy improvement algorithm to compute the least solution of a system of $\vee$-cmorcave equations. In each $\vee$-strategy improvement step, we are then in the situation that we have to compute $\rho^* := \mu_{\geq\rho}[\![\mathcal{E}]\!]$, where $\rho$ is a feasible pre-solution of a system $\mathcal{E}$ of morcave equations (cf. Lemma 17). By Lemma 22, we can compute the set

$X' := \{x \in X \mid \rho^*(x) > \rho(x)\}$ (59)

by performing $|X|$ Kleene iteration steps. We then construct the equation system

$\mathcal{E}' := \{x = e \in \mathcal{E} \mid x \in X'\} \cup \{x = \rho(x) \mid x \in X \setminus X'\}$ (60)

By construction, we get:

Lemma 23. $\rho^*(x) = \sup\{\hat\rho(x) \mid \hat\rho : X_{C(\mathcal{E}')} \to \mathbb{R} \text{ and } \hat\rho \le [\![C(\mathcal{E}')]\!]\hat\rho\}$ for all $x \in X$. □



In consequence, we can compute $\rho^*$ by performing $|X|$ Kleene iteration steps followed by solving $|X|$ optimization problems.

Example 24. Let us again consider the fixpoint equation system $\mathcal{E}$ from Examples 22 and 23. That is, $\mathcal{E}$ consists of the following equations:

$x_1 = \sup\{x_1' \in \mathbb{R} \mid x_1' \in \mathbb{R},\ x_1' < 0\}$ (61)
$x_2 = \sup\{x_2'' \in \mathbb{R} \mid x_2', x_2'' \in \mathbb{R},\ 0 \le x_2' \le x_1,\ x_2'' \le 1\}$ (62)

The fixpoint equation system $\mathcal{E}$ is a system of cmorcave equations. The pre-solution $\rho := \{x_1 \mapsto 0,\ x_2 \mapsto 0\}$ of $\mathcal{E}$ is feasible. Moreover, we have $-\infty \lhd \rho \le [\![\mathcal{E}]\!]\rho \lhd \infty$. We aim at computing $\rho^* := \mu_{\geq\rho}[\![\mathcal{E}]\!]$.

We have $[\![\mathcal{E}]\!]^{|X|}\rho = [\![\mathcal{E}]\!]^2\rho = \{x_1 \mapsto 0,\ x_2 \mapsto 1\}$. By Lemma 22, we thus get $X' := \{x \in X \mid \rho^*(x) > \rho(x)\} = \{x_2\}$ (cf. (59)). Lemma 23 finally gives us

$\rho^*(x_i) = \sup\{x_i \mid x_1, x_1', x_2, x_2', x_2'' \in \mathbb{R},\ x_1 \le 0,\ x_2 \le x_2'',\ 0 \le x_2' \le x_1,\ x_2'' \le 1\}$ (63)

for all $i \in \{1, 2\}$ (cf. Example 23). This is the desired result. We performed two Kleene iteration steps and solved two mathematical optimization problems. □



5.3 Parameterized Linear Programming Problems 

We now introduce parameterized linear programming problems. We do this as follows. For all $A \in \mathbb{R}^{k \times m}$ and all $c \in \mathbb{R}^m$, we define the operator $\mathrm{LP}_{A,c} : \overline{\mathbb{R}}^k \to \overline{\mathbb{R}}$ which solves a parametrized linear programming problem by

$\mathrm{LP}_{A,c}(b) := \sup\{c^\top x \mid x \in \mathbb{R}^m \text{ and } Ax \le b\}$ for all $b \in \overline{\mathbb{R}}^k$. (64)

We use the LP-operators in the right-hand sides of fixpoint equation systems:

Definition 9. (LP-equations, $\vee$-LP-equations) A fixpoint equation $x = e$ is called LP-equation if and only if $e$ is a parametrized linear programming problem. It is called $\vee$-LP-equation if and only if $e$ is a point-wise maximum of finitely many semi-definite programming problems. □

LP-operators have the following important properties:

Lemma 24. The following statements hold for all $A \in \mathbb{R}^{k \times m}$ and all $c \in \mathbb{R}^m$:

1. The operator $\mathrm{LP}_{A,c}$ is cmcave.

2. $\mathrm{LP}_{A,c}(b) = \max\{c^\top x \mid x \in \mathbb{R}^m \text{ and } Ax \le b\}$ for all $b \in \overline{\mathbb{R}}^k$ with $-\infty < \mathrm{LP}_{A,c}(b) < \infty$. That is, the parametrized optimization problem $\mathrm{LP}_{A,c}$ attains its optimal value for all parameter values.
Proof. We do not prove the first statement, since, as we will see, it is just a special case of Lemma 25 (see below). The second statement is a direct consequence of the fact that the optimal value of a feasible and bounded linear programming problem is attained at the edges of the feasible space. □

If we apply our $\vee$-strategy improvement algorithm for solving a system of $\vee$-LP-equations, then, because of Lemma 24, we have the convenient situation that we can apply Algorithm EvalForMaxAtt instead of its more general variant EvalForGen for evaluating a single $\vee$-strategy that is encountered during the $\vee$-strategy iteration (see Section 5.2). We thus obtain the following result:

Theorem 2. If $\mathcal{E}$ is a system of $\vee$-LP-equations, then the evaluation of a $\vee$-strategy that is encountered during the $\vee$-strategy iteration can be performed by solving $|X|$ linear programming problems, each of which can be constructed in polynomial time. In consequence, a $\vee$-strategy improvement step can be performed in polynomial time. □

Theorem 1 implies that our $\vee$-strategy improvement algorithm terminates after at most $|X| \cdot |\Sigma|$ $\vee$-strategy improvement steps, whenever it runs on a system $\mathcal{E}$ of $\vee$-LP-equations.

A consequence of the fact that we can evaluate $\vee$-strategies in polynomial time is that the following decision problem is in NP: Decide whether or not, for a given system $\mathcal{E}$ of $\vee$-LP-equations, a given variable $x \in X$, and a given value $b \in \mathbb{R}$, the statement $\mu[\![\mathcal{E}]\!](x) \le b$ holds. This decision problem is at least as hard as the problem of computing the winning regions in mean payoff games. However, whether or not it is NP-hard is an open question.

5.4 Parameterized Semi-Definite Programming Problems 

As a strict generalization of parameterized linear programming problems, we now 
introduce parameterized semi-definite programming problems. Before we can do 
so, we have to briefly introduce semi-definite programming. 

Semi-definite Programming. $S\mathbb{R}^{n \times n}$ (resp. $S\mathbb{R}_+^{n \times n}$) denotes the set of symmetric matrices (resp. the set of positive semidefinite matrices). $\preceq$ denotes the Löwner ordering of symmetric matrices, i.e., $A \preceq B$ if and only if $B - A \in S\mathbb{R}_+^{n \times n}$. $\mathrm{Tr}(A)$ denotes the trace of a square matrix $A \in \mathbb{R}^{n \times n}$, i.e., $\mathrm{Tr}(A) = \sum_{i=1}^{n} A_{i \cdot i}$. The inner product of two matrices $A$ and $B$ is denoted by $A \bullet B$, i.e., $A \bullet B = \mathrm{Tr}(A^\top B)$. For $A = (A_1, \ldots, A_m)$ with $A_i \in \mathbb{R}^{n \times n}$ for all $i = 1, \ldots, m$, we denote the vector $(A_1 \bullet X, \ldots, A_m \bullet X)^\top$ by $A(X)$. For all $x \in \mathbb{R}^n$, the dyadic matrix $X(x)$ is defined by

$X(x) := (1, x^\top)^\top (1, x^\top)$. (65)

We consider semidefinite programming problems (SDP problems for short) of the form

$z^* = \sup\{C \bullet X \mid X \in S\mathbb{R}_+^{n \times n},\ A(X) = a,\ B(X) \le b\}$, (66)

where $A = (A_1, \ldots, A_m)$, $a \in \mathbb{R}^m$, $A_1, \ldots, A_m \in S\mathbb{R}^{n \times n}$, $B = (B_1, \ldots, B_k)$, $B_1, \ldots, B_k \in S\mathbb{R}^{n \times n}$, $b \in \mathbb{R}^k$, and $C \in S\mathbb{R}^{n \times n}$. The set $\{X \in S\mathbb{R}_+^{n \times n} \mid A(X) = a,\ B(X) \le b\}$ is called the feasible space. The problem is called feasible if and only if the feasible space is non-empty. It is called infeasible otherwise. An element of the feasible space is called feasible solution. The value $z^*$ is called optimal value. The problem is called bounded iff $z^* < \infty$. It is called unbounded, otherwise. A feasible solution $X^*$ is called an optimal solution if and only if $z^* = C \bullet X^*$. In contrast to the situation for linear programming, there exist feasible and bounded semi-definite programming problems that have no optimal solution.

For semi-definite programming problems, fast algorithms exist. Semi-definite programming is polynomial time solvable if an a priori bound on the size of the solutions is known and provided as an input.

For more detailed information on semi-definite programming, or, more generally, on convex optimization, we refer, for instance, to Nemirovski [13], Todd

US- 

Parametrized SDP Problems. For $A = (A_1, \ldots, A_m)$, $A_1, \ldots, A_m \in S\mathbb{R}^{n \times n}$, $a \in \mathbb{R}^m$, $B = (B_1, \ldots, B_k)$, $B_1, \ldots, B_k \in S\mathbb{R}^{n \times n}$, and $C \in S\mathbb{R}^{n \times n}$, we define the operator $\mathrm{SDP}_{A,a,B,C} : \overline{\mathbb{R}}^k \to \overline{\mathbb{R}}$ which solves a parametrized SDP problem by

$\mathrm{SDP}_{A,a,B,C}(b) := \sup\{C \bullet X \mid X \in S\mathbb{R}_+^{n \times n},\ A(X) = a,\ B(X) \le b\}$ for all $b \in \overline{\mathbb{R}}^k$.

The SDP-operators generalize the LP-operators in the same way as semi-definite programming generalizes linear programming. That is, for every LP-operator we can construct an equivalent SDP-operator.

Definition 10. (SDP-equations, $\vee$-SDP-equations) A fixpoint equation $x = e$ is called SDP-equation if and only if $e$ is a parametrized semi-definite programming problem. It is called $\vee$-SDP-equation if and only if $e$ is a point-wise maximum of finitely many semi-definite programming problems. □

For this article, the following properties of SDP-operators are important:

Lemma 25. The operator $\mathrm{SDP}_{A,a,B,C}$ is cmcave.

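Proof. Let $f := \mathrm{SDP}_{A,a,B,C}$. For all $b \in \overline{\mathbb{R}}^k$ let $M(b) := \{X \in S\mathbb{R}_+^{n \times n} \mid A(X) = a,\ B(X) \le b\}$. Therefore, $f(b) = \sup\{C \bullet X \mid X \in M(b)\}$ for all $b \in \overline{\mathbb{R}}^k$. We do not need to consider all $I : \{1, \ldots, k\} \to \{-\infty, \mathrm{id}, \infty\}$, because, for all $I : \{1, \ldots, k\} \to \{-\infty, \mathrm{id}, \infty\}$, $f^{(I)}$ can be obtained by choosing appropriate $A, a, B, C$. The fact that $f$ is monotone is obvious. Firstly, we show that $f(b) < \infty$ holds for all $b \in \mathbb{R}^k$, whenever $\mathrm{fdom}(f) \ne \emptyset$. For the sake of contradiction assume that there exist $b_1, b_2 \in \mathbb{R}^k$ such that $f(b_1) \in \mathbb{R}$ and $f(b_2) = \infty$ hold. Note that $M(b_i)$ are convex sets for all $i \in \{1, 2\}$. Thus, there exists some $D \in S\mathbb{R}_+^{n \times n}$ such that $C \bullet D > 0$ and $M(b_2) + \{\lambda D \mid \lambda \in \mathbb{R}_{\geq 0}\} \subseteq M(b_2)$ hold. Therefore, $A(D) = 0$ and $B(D) \le 0$. Let $X_1 \in S\mathbb{R}_+^{n \times n}$ with $A(X_1) = a$ and $B(X_1) \le b_1$. Then $A(X_1 + \lambda D) = A(X_1) + \lambda A(D) = a$ and $B(X_1 + \lambda D) = B(X_1) + \lambda B(D) \le b_1$ hold for all $\lambda > 0$. Thus, $f(b_1) = \infty$, a contradiction. Thus, $f(b) < \infty$ holds for all $b \in \mathbb{R}^k$, whenever $\mathrm{fdom}(f) \ne \emptyset$.

Next, we show that $\mathrm{fdom}(f)$ is convex and $f|_{\mathrm{fdom}(f)}$ is concave. Assume that $\mathrm{fdom}(f) \ne \emptyset$. Thus, $f(b) < \infty$ for all $b \in \mathbb{R}^k$. Let $b_1, b_2 \in \mathrm{fdom}(f)$, $\lambda \in [0, 1]$, and $b := \lambda b_1 + (1 - \lambda) b_2$. In order to show that

$\lambda M(b_1) + (1 - \lambda) M(b_2) \subseteq M(b)$ (67)

holds, let $X_i \in M(b_i)$, $i = 1, 2$, and $X := \lambda X_1 + (1 - \lambda) X_2$. Since $X_i \in S\mathbb{R}_+^{n \times n}$, $A(X_i) = a$, and $B(X_i) \le b_i$ for all $i = 1, 2$, we have $X \in S\mathbb{R}_+^{n \times n}$, $A(X) = \lambda A(X_1) + (1 - \lambda) A(X_2) = a$, $B(X) = \lambda B(X_1) + (1 - \lambda) B(X_2) \le \lambda b_1 + (1 - \lambda) b_2 = b$. Therefore, $X \in M(b)$. Using (67), we finally get:

$f(b) = \sup\{C \bullet X \mid X \in M(b)\}$ (68)
$\quad \ge \lambda \sup\{C \bullet X_1 \mid X_1 \in M(b_1)\} + (1 - \lambda) \sup\{C \bullet X_2 \mid X_2 \in M(b_2)\}$ (69)
$\quad = \lambda f(b_1) + (1 - \lambda) f(b_2) > -\infty$ (70)

Therefore, $\mathrm{fdom}(f)$ is convex and $f|_{\mathrm{fdom}(f)}$ is concave.

It remains to show that $f$ is upward chain continuous on $f^{-1}(\overline{\mathbb{R}} \setminus \{-\infty\})$. For that, let $B \subseteq f^{-1}(\overline{\mathbb{R}} \setminus \{-\infty\})$ be a chain. We have

$f(\bigvee B) = \sup\{C \bullet X \mid X \in M(\bigvee B)\}$ (71)
$\quad = \sup\{C \bullet X \mid X \in \bigcup\{M(b) \mid b \in B\}\}$ ($M$ is continuous) (72)
$\quad = \sup\{\sup\{C \bullet X \mid X \in M(b)\} \mid b \in B\}$ (73)
$\quad = \sup\{f(b) \mid b \in B\}$ (74)

This proves that $f$ is upward chain continuous on $f^{-1}(\overline{\mathbb{R}} \setminus \{-\infty\})$. □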

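The next example shows that the square root operator can be expressed through a SDP-operator:

Example 25. The square root operator $\sqrt{\cdot} : \overline{\mathbb{R}} \to \overline{\mathbb{R}}$ is defined by $\sqrt{b} := \sup\{x \in \mathbb{R} \mid x^2 \le b\}$ for all $b \in \overline{\mathbb{R}}$. Note that $\sqrt{b} = -\infty$ for all $b < 0$, and $\sqrt{\infty} = \infty$. Let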



.4:Hl")V S:. ((»?)). C:^(tll (75, 



ooyy ' ' v^o lyy ' o 

For $x, b \in \mathbb{R}_{\geq 0}$, the statement $x^2 \le b$ is equivalent to the statement $\exists b'.\ x^2 \le b' \le b$. By the Schur complement theorem (cf. Section 3, Example 5 of Todd [Tr], for instance), this is equivalent to

3b'.(^ hOAb' <b. (76) 



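This is equivalent to $\exists X \in S\mathbb{R}_+^{2 \times 2}.\ x = X_{1 \cdot 2} = X_{2 \cdot 1} \wedge A(X) = a \wedge B(X) \le b$. Thus, $\sqrt{b} = \mathrm{SDP}_{A,a,B,C}(b)$ for all $b \in \overline{\mathbb{R}}$. □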
If $\mathcal{E}$ is a system of $\vee$-SDP-equations, then, because of Lemma 25, we have the convenient situation that we can apply Algorithm EvalForCmorcave instead of its more general variant EvalForGen (see Section 5.2) to evaluate the $\vee$-strategies that are encountered during the $\vee$-strategy iteration. This case is in particular interesting for the static program analysis application we will describe in Section 6.

Theorem 3. If $\mathcal{E}$ is a system of $\vee$-SDP-equations, then the evaluation of a $\vee$-strategy that is encountered during the $\vee$-strategy iteration can be performed by performing $|X|$ Kleene iteration steps and subsequently solving $|X|$ semi-definite programming problems, each of which can be constructed in polynomial time. □

Theorem 1 implies that our $\vee$-strategy improvement algorithm terminates after at most $|X| \cdot |\Sigma|$ $\vee$-strategy improvement steps, whenever it runs on a system $\mathcal{E}$ of $\vee$-LP-equations.



6 Quadratic Zones and Relaxed Abstract Semantics 

In this section, we apply our $\vee$-strategy improvement algorithm to a static program analysis problem. For that, we first introduce our programming model as well as its collecting and its abstract semantics. We then relax the abstract semantics along the same lines as Adjé, Gaubert, and Goubault [1] using Shor's semidefinite relaxation schema. Finally, we show how we can use our finding to compute the relaxation of the abstract semantics.

6.1 Collecting Semantics

In our programming model, we consider statements of the following two forms:

1. $x := Ax + b$, where $A \in \mathbb{R}^{n \times n}$, and $b \in \mathbb{R}^n$ (affine assignments)

2. $x^\top A x + 2b^\top x \le c$, where $A \in S\mathbb{R}^{n \times n}$, $b \in \mathbb{R}^n$, and $c \in \mathbb{R}$ (quadratic guards)

Here, $x \in \mathbb{R}^n$ denotes the vector of program variables. We denote the set of statements by Stmt. The collecting semantics $[\![s]\!] : 2^{\mathbb{R}^n} \to 2^{\mathbb{R}^n}$ of a statement $s \in \mathrm{Stmt}$ is defined by:

$[\![x := Ax + b]\!]X := \{Ax + b \mid x \in X\}$ for all $X \subseteq \mathbb{R}^n$ (77)

$[\![x^\top A x + 2b^\top x \le c]\!]X := \{x \in X \mid x^\top A x + 2b^\top x \le c\}$ for all $X \subseteq \mathbb{R}^n$ (78)

A program $G$ is a triple $(N, E, \mathrm{st}, I)$, where $N$ is a finite set of control-points, $E \subseteq N \times \mathrm{Stmt} \times N$ is a finite set of control-flow edges, $\mathrm{st} \in N$ is the start control-point, and $I \subseteq \mathbb{R}^n$ is a set of initial values. The collecting semantics $V$ of a program $G = (N, E, \mathrm{st}, I)$ is then the least solution of the following constraint system:

$V[\mathrm{st}] \supseteq I \qquad V[v] \supseteq [\![s]\!](V[u])$ for all $(u, s, v) \in E$ (79)

Here, the variables $V[v]$, $v \in N$ take values in $2^{\mathbb{R}^n}$. The components of the collecting semantics $V$ are denoted by $V[v]$ for all $v \in N$.
6.2 Quadratic Zones and Abstract Semantics

Along the lines of Adjé, Gaubert, and Goubault [1], we define quadratic zones as follows: A set $P$ of templates $p : \mathbb{R}^n \to \mathbb{R}$ is a quadratic zone if and only if every template $p \in P$ can be written as

$p(x) = x^\top A_p x + 2b_p^\top x$ for all $x \in \mathbb{R}^n$, (80)

where $A_p \in S\mathbb{R}^{n \times n}$ and $b_p \in \mathbb{R}^n$ for all $p \in P$. In the remainder of this article, we assume that $P = \{p_1, \ldots, p_m\}$ is a finite quadratic zone. Moreover, we assume w.l.o.g. that $p_i \ne 0$ for all $i = 1, \ldots, m$. The abstraction $\alpha : 2^{\mathbb{R}^n} \to P \to \overline{\mathbb{R}}$ and the concretization $\gamma : (P \to \overline{\mathbb{R}}) \to 2^{\mathbb{R}^n}$ are defined as follows:

$\gamma(v) := \{x \in \mathbb{R}^n \mid \forall p \in P.\ p(x) \le v(p)\}$ for all $v : P \to \overline{\mathbb{R}}$ (81)

$\alpha(X) := \bigwedge\{v : P \to \overline{\mathbb{R}} \mid \gamma(v) \supseteq X\}$ for all $X \subseteq \mathbb{R}^n$ (82)

As shown by Adjé, Gaubert, and Goubault [1], $\alpha$ and $\gamma$ form a Galois-connection. The elements from $\gamma(P \to \overline{\mathbb{R}})$ and the elements from $\alpha(2^{\mathbb{R}^n})$ are called closed. $\alpha(\gamma(v))$ is called the closure of $v : P \to \overline{\mathbb{R}}$. Accordingly, $\gamma(\alpha(X))$ is called the closure of $X \subseteq \mathbb{R}^n$.

As usual, the abstract semantics $[\![s]\!]^\sharp : (P \to \overline{\mathbb{R}}) \to P \to \overline{\mathbb{R}}$ of a statement $s$ is defined by $[\![s]\!]^\sharp := \alpha \circ [\![s]\!] \circ \gamma$. The abstract semantics $V^\sharp$ of a program $G = (N, E, \mathrm{st}, I)$ is then the least solution of the following constraint system:

$V^\sharp[\mathrm{st}] \ge \alpha(I) \qquad V^\sharp[v] \ge [\![s]\!]^\sharp(V^\sharp[u])$ for all $(u, s, v) \in E$ (83)

Here, the variables $V^\sharp[v]$, $v \in N$ take values in $P \to \overline{\mathbb{R}}$. The components of the abstract semantics $V^\sharp$ are denoted by $V^\sharp[v]$ for all $v \in N$.



6.3 Relaxed Abstract Semantics 

The problem of deciding, whether or not, for a given quadratic zone $P$, a given $v : P \to \mathbb{Q}$, a given $p \in P$, and a given $q \in \mathbb{Q}$, $\alpha(\gamma(v))(p) \le q$ holds, is NP-hard (cf. Adjé et al. [1]) and thus intractable. Therefore, we use the relaxed abstract semantics $[\![s]\!]^{\mathcal{R}}$ introduced by Adjé, Gaubert, and Goubault [1]. It is based on Shor's semidefinite relaxation schema. In order to fit it into our framework, we have to switch to the semi-definite dual. This is not a disadvantage. It is actually an advantage, since we gain additional precision through this step.

Definition 11 ($[\![x := Ax + b]\!]^{\mathcal{R}}$). We define the relaxed abstract semantics $[\![x := Ax + b]\!]^{\mathcal{R}} : (P \to \overline{\mathbb{R}}) \to P \to \overline{\mathbb{R}}$ of an affine assignment $x := Ax + b$ by

$[\![x := Ax + b]\!]^{\mathcal{R}} v\,(p)$ (84)

$\quad := \sup\{\mathbf{A}(p) \bullet X \mid \forall p' \in P.\ \mathbf{A}_{p'} \bullet X \le v(p'),\ X \succeq 0,\ X_{1 \cdot 1} = 1\}$ (85)

for all $v : P \to \overline{\mathbb{R}}$ and all $p \in P$, where, for all $p' \in P$,

$A(p) := A^\top A_p A, \qquad b(p) := A^\top A_p b + A^\top b_p, \qquad c(p) := b^\top A_p b + 2b_p^\top b$ (86)

Definition 12 ($[\![x^\top A x + 2b^\top x \le c]\!]^{\mathcal{R}}$). We define the relaxed abstract semantics $[\![x^\top A x + 2b^\top x \le c]\!]^{\mathcal{R}} : (P \to \overline{\mathbb{R}}) \to P \to \overline{\mathbb{R}}$ of a quadratic guard $x^\top A x + 2b^\top x \le c$ by

$[\![x^\top A x + 2b^\top x \le c]\!]^{\mathcal{R}} v\,(p)$ (88)
$\quad := \sup\{\mathbf{A}_p \bullet X \mid \forall p' \in P.\ \mathbf{A}_{p'} \bullet X \le v(p'),\ \mathbf{A} \bullet X \le 0,\ X \succeq 0,\ X_{1 \cdot 1} = 1\}$ (89)

for all $v : P \to \overline{\mathbb{R}}$ and all $p \in P$, where, for all $p' \in P$,

The relaxed abstract semantics $[\![\cdot]\!]^{\mathcal{R}}$ is the semidefinite dual of the one used by Adjé, Gaubert, and Goubault [1]. By weak-duality, it is at least as precise as the one used by Adjé, Gaubert, and Goubault [1].

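Next, we show that the relaxed abstract semantics is indeed a relaxation of the abstract semantics, and that the relaxed abstract semantics of a statement is expressible through a SDP-operator.

Lemma 26. The following statements hold for every statement $s \in \mathrm{Stmt}$:

1. $[\![s]\!]^\sharp \le [\![s]\!]^{\mathcal{R}}$

2. For every $i \in \{1, \ldots, m\}$, there exist $A, a, B, C$ such that

$[\![s]\!]^{\mathcal{R}} v\,(p_i) = \mathrm{SDP}_{A,a,B,C}(v(p_1), \ldots, v(p_m))$ (91)

for all $v : P \to \overline{\mathbb{R}}$. From $s$, the values $A$, $a$, $B$, and $C$ can be computed in polynomial time. □

Proof. Since the second statement is obvious, we only prove the first one. We only consider the case that $s$ is an affine assignment $x := Ax + b$. The case that $s$ is a quadratic guard can be treated along the same lines. Let $v : P \to \overline{\mathbb{R}}$, $p \in P$, and $v' := [\![x := Ax + b]\!]^\sharp v$. Then,

$v'(p) = \sup\{p(Ax + b) \mid x \in \mathbb{R}^n,\ \forall p' \in P.\ p'(x) \le v(p')\}$ (92)

$\quad = \sup\{x^\top A(p) x + 2b^\top(p) x + c(p) \mid$ (93)

$\qquad\quad x \in \mathbb{R}^n,\ \forall p' \in P.\ x^\top A_{p'} x + 2b_{p'}^\top x \le v(p')\}$ (94)

$\quad = \sup\{(1, x^\top) \mathbf{A}(p) (1, x^\top)^\top \mid \forall p' \in P.\ (1, x^\top) \mathbf{A}_{p'} (1, x^\top)^\top \le v(p')\}$ (95)

$\quad = \sup\{\mathbf{A}(p) \bullet X(x) \mid \forall p' \in P.\ \mathbf{A}_{p'} \bullet X(x) \le v(p')\}$ (96)

$\quad \le \sup\{\mathbf{A}(p) \bullet X \mid \forall p' \in P.\ \mathbf{A}_{p'} \bullet X \le v(p'),\ X \succeq 0,\ X_{1 \cdot 1} = 1\}$. (97)

The last inequality holds, because $X(x) \succeq 0$ and $X(x)_{1 \cdot 1} = 1$ for all $x \in \mathbb{R}^n$. This completes the proof of statement 1. □

A relaxation of the closure operator $\alpha \circ \gamma$ is given by $[\![x := x]\!]^{\mathcal{R}}$. That is, $\alpha \circ \gamma \le [\![x := x]\!]^{\mathcal{R}}$.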
The relaxed abstract semantics $V^{\mathcal{R}}$ of a program $G = (N, E, \mathrm{st}, I)$ is finally defined as the least solution of the following constraint system:

$V^{\mathcal{R}}[\mathrm{st}] \ge \alpha(I) \qquad V^{\mathcal{R}}[v] \ge [\![s]\!]^{\mathcal{R}}(V^{\mathcal{R}}[u])$ for all $(u, s, v) \in E$

Here, the variables $V^{\mathcal{R}}[v]$, $v \in N$ take values in $P \to \overline{\mathbb{R}}$. The components of the relaxed abstract semantics $V^{\mathcal{R}}$ are denoted by $V^{\mathcal{R}}[v]$ for all $v \in N$.

Because of Lemma 26, the relaxed abstract semantics of a program is a safe over-approximation of its abstract semantics. If all templates and all guards are linear, then the relaxed abstract semantics is precise (cf. Adjé et al. [1]):

Lemma 27. We have $V^\sharp \le V^{\mathcal{R}}$. Moreover, if all templates and all guards are linear, then $V^\sharp = V^{\mathcal{R}}$. □



6.4 Computing Relaxed Abstract Semantics 

We now use our ∨-strategy improvement algorithm to compute the relaxed
abstract semantics of a program $G = (N, E, st, I)$ w.r.t. a given finite quadratic
zone $P = \{p_1, \ldots, p_m\}$. For that, we define $\mathcal C$ to be the constraint system

$$\mathbf{x}_{st,p} \ge \alpha(I)(p) \quad \text{for all } p \in P \qquad (98)$$

$$\mathbf{x}_{v,p} \ge ([\![s]\!]^{\mathcal R}(\mathbf{x}_{u,p_1}, \ldots, \mathbf{x}_{u,p_m})^\top)(p) \quad \text{for all } (u, s, v) \in E, \text{ and all } p \in P \qquad (99)$$

which uses the variables $\mathbf{X} = \{\mathbf{x}_{v,p} \mid v \in N,\ p \in P\}$. The value of the variable
$\mathbf{x}_{v,p}$ is the bound on the template $p$ at control-point $v$.

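Because of Lemma 26, from $\mathcal C$ we can construct a system $\mathcal E$ of SDP-equations
with $\mu[\![\mathcal E]\!] = \mu[\![\mathcal C]\!]$ in polynomial time. Finally, we have:

Lemma 28. $V^{\mathcal R}[v](p) = \mu[\![\mathcal E]\!](\mathbf{x}_{v,p})$ for all $v \in N$ and all $p \in P$. □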

Since $\mathcal E$ is a system of ∨-SDP-equations, by Theorem 1 and Theorem 3 we
can compute the least solution $\mu[\![\mathcal E]\!]$ of $\mathcal E$ using our ∨-strategy improvement
algorithm. Thus, we have finally shown the following main result for the static
program analysis application:

Theorem 4. We can compute the relaxed abstract semantics of a program
$G = (N, E, st, I)$ using our ∨-strategy improvement algorithm. Each ∨-strategy
improvement step can be performed by performing $|N| \cdot |P|$ Kleene iteration steps
and solving $|N| \cdot |P|$ SDP problems, each of which can be constructed in
polynomial time. The number of strategy improvement steps is exponentially bounded
by the product of the number of merge points in the program and the number of
program variables. □

Example 26. In order to give a complete picture of our method, we now discuss
the harmonic oscillator example of Adje et al. [1] in detail. The program consists
only of the simple loop

while ( true ) x := Ax (100)

where $x = (x_1, x_2) \in \mathbb{R}^2$ is the vector of program variables and

A ( 1 0.0l\ 

We assume that the two-dimensional interval $I = [0, 1] \times [0, 1]$ is the set of
initial states. The set of control-points just consists of $st$, i.e. $N = \{st\}$. The set
$P = \{p_1, \ldots, p_5\}$ of templates is given by

$$p_1(x_1, x_2) = -x_1 \qquad p_2(x_1, x_2) = x_1 \qquad p_3(x_1, x_2) = -x_2 \qquad (102)$$

$$p_4(x_1, x_2) = x_2 \qquad p_5(x_1, x_2) = 2x_1^2 + 3x_2^2 + 2x_1x_2 \qquad (103)$$

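The abstract semantics is thus given by the least solution of the following system
of ∨-SDP-equations:

$$\begin{aligned}
\mathbf{x}_{st,p_1} &= -\infty \vee 0 \vee \mathrm{SDP}_{\mathcal A, a, \mathcal B, C_1}(\mathbf{x}_{st,p_1}, \mathbf{x}_{st,p_2}, \mathbf{x}_{st,p_3}, \mathbf{x}_{st,p_4}, \mathbf{x}_{st,p_5}) && (104)\\
\mathbf{x}_{st,p_2} &= -\infty \vee 1 \vee \mathrm{SDP}_{\mathcal A, a, \mathcal B, C_2}(\mathbf{x}_{st,p_1}, \mathbf{x}_{st,p_2}, \mathbf{x}_{st,p_3}, \mathbf{x}_{st,p_4}, \mathbf{x}_{st,p_5}) && (105)\\
\mathbf{x}_{st,p_3} &= -\infty \vee 0 \vee \mathrm{SDP}_{\mathcal A, a, \mathcal B, C_3}(\mathbf{x}_{st,p_1}, \mathbf{x}_{st,p_2}, \mathbf{x}_{st,p_3}, \mathbf{x}_{st,p_4}, \mathbf{x}_{st,p_5}) && (106)\\
\mathbf{x}_{st,p_4} &= -\infty \vee 1 \vee \mathrm{SDP}_{\mathcal A, a, \mathcal B, C_4}(\mathbf{x}_{st,p_1}, \mathbf{x}_{st,p_2}, \mathbf{x}_{st,p_3}, \mathbf{x}_{st,p_4}, \mathbf{x}_{st,p_5}) && (107)\\
\mathbf{x}_{st,p_5} &= -\infty \vee 7 \vee \mathrm{SDP}_{\mathcal A, a, \mathcal B, C_5}(\mathbf{x}_{st,p_1}, \mathbf{x}_{st,p_2}, \mathbf{x}_{st,p_3}, \mathbf{x}_{st,p_4}, \mathbf{x}_{st,p_5}) && (108)
\end{aligned}$$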

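Here

$$\mathcal A = \left( \begin{pmatrix} 1 & 0 & 0 \\ 0 & 0 & 0 \\ 0 & 0 & 0 \end{pmatrix} \right) \qquad a = (1)$$

$$\mathcal B = \left(
\begin{pmatrix} 0 & -0.5 & 0 \\ -0.5 & 0 & 0 \\ 0 & 0 & 0 \end{pmatrix},
\begin{pmatrix} 0 & 0.5 & 0 \\ 0.5 & 0 & 0 \\ 0 & 0 & 0 \end{pmatrix},
\begin{pmatrix} 0 & 0 & -0.5 \\ 0 & 0 & 0 \\ -0.5 & 0 & 0 \end{pmatrix},
\begin{pmatrix} 0 & 0 & 0.5 \\ 0 & 0 & 0 \\ 0.5 & 0 & 0 \end{pmatrix},
\begin{pmatrix} 0 & 0 & 0 \\ 0 & 2 & 1 \\ 0 & 1 & 3 \end{pmatrix}
\right)$$

$$C_1 = \begin{pmatrix} 0 & -0.5 & -0.005 \\ -0.5 & 0 & 0 \\ -0.005 & 0 & 0 \end{pmatrix} \qquad
C_2 = \begin{pmatrix} 0 & 0.5 & 0.005 \\ 0.5 & 0 & 0 \\ 0.005 & 0 & 0 \end{pmatrix}$$

$$C_3 = \begin{pmatrix} 0 & 0.005 & -0.495 \\ 0.005 & 0 & 0 \\ -0.495 & 0 & 0 \end{pmatrix} \qquad
C_4 = \begin{pmatrix} 0 & -0.005 & 0.495 \\ -0.005 & 0 & 0 \\ 0.495 & 0 & 0 \end{pmatrix}$$

$$C_5 = \begin{pmatrix} 0 & 0 & 0 \\ 0 & 1.9803 & 0.9802 \\ 0 & 0.9802 & 2.9603 \end{pmatrix}$$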

In this example we have $3^5 = 243$ different ∨-strategies. Assuming that the
algorithm always chooses the best local improvement, in the first step it switches
to the ∨-strategy that is given by the finite constants. At each equation, it then
can switch to the SDP-expression, but then, because it constructs a strictly
increasing sequence, it can never return to the constant. Summarizing, because
of the simple structure, it is clear that our ∨-strategy improvement algorithm
will perform at most 6 ∨-strategy improvement steps. In fact our prototypical
implementation performs 4 ∨-strategy improvement steps on this example. □
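The matrices $C_1, \ldots, C_5$ and the finite constants of equations (104)-(108) can be recomputed from the templates and the assignment x := Ax by the lifting used in the proof of Lemma 26 (equations (92)-(96)). The Python sketch below is an added illustration, not the authors' prototype: the helper names are hypothetical, and the second row of A is an assumption inferred from the entries of $C_3$, $C_4$ and $C_5$ given in the example.

```python
from itertools import product

# Affine assignment x := Ax + b of Example 26. The second row of A is an
# assumption, inferred from the entries of C3, C4 and C5 listed in the example.
A = [[1.0, 0.01], [-0.01, 0.99]]
b = [0.0, 0.0]

# Templates p1..p5 as symmetric matrices Q with p(x) = (1, x^T) Q (1, x^T)^T.
TEMPLATES = {
    "p1": [[0, -0.5, 0], [-0.5, 0, 0], [0, 0, 0]],  # -x1
    "p2": [[0, 0.5, 0], [0.5, 0, 0], [0, 0, 0]],    #  x1
    "p3": [[0, 0, -0.5], [0, 0, 0], [-0.5, 0, 0]],  # -x2
    "p4": [[0, 0, 0.5], [0, 0, 0], [0.5, 0, 0]],    #  x2
    "p5": [[0, 0, 0], [0, 2, 1], [0, 1, 3]],        # 2*x1^2 + 3*x2^2 + 2*x1*x2
}

def matmul(X, Y):
    return [[sum(a * c for a, c in zip(row, col)) for col in zip(*Y)] for row in X]

def lift(x):
    """X(x) = (1, x)^T (1, x): rank one, positive semidefinite, X[0][0] == 1."""
    z = [1.0, *x]
    return [[zi * zj for zj in z] for zi in z]

def inner(P, Q):
    """Matrix inner product P . Q = sum over i, j of P[i][j] * Q[i][j]."""
    return sum(p * q for rp, rq in zip(P, Q) for p, q in zip(rp, rq))

def assign_matrix(Q, A, b):
    """C = M^T Q M with M = [[1, 0], [b, A]], so that C . X(x) = p(Ax + b)."""
    M = [[1.0, 0.0, 0.0]] + [[b[i], *A[i]] for i in range(2)]
    Mt = [list(col) for col in zip(*M)]
    return matmul(matmul(Mt, Q), M)

def alpha_box(Q, lo=0.0, hi=1.0):
    """alpha(I)(p) for the box I = [lo, hi]^2; checking the corners suffices
    because each template here is linear or convex."""
    return max(inner(Q, lift(c)) for c in product((lo, hi), repeat=2))

C = {name: assign_matrix(Q, A, b) for name, Q in TEMPLATES.items()}
CONSTANTS = {name: alpha_box(Q) for name, Q in TEMPLATES.items()}

if __name__ == "__main__":
    for name in TEMPLATES:
        print(name, CONSTANTS[name], [[round(v, 4) for v in row] for row in C[name]])
```

The SDP relaxation in (97) then drops the rank-one requirement on the lifted matrix and keeps only $X \succeq 0$ and $X_{1 \cdot 1} = 1$, which is why the result is an upper bound.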
7 Conclusion



We introduced and studied systems of ∨-morcave equations, a natural and
strict generalization of systems of rational equations that were previously
studied by Gawlitza and Seidl O [8]. We showed how the ∨-strategy improvement
approach from Gawlitza and Seidl [3 |6j can be generalized to solve these
fixpoint equation systems. We provided full proofs and an in-depth discussion of
the different cases.

On the practical side, we showed that our algorithm can be applied to perform
static program analysis w.r.t. quadratic templates using the relaxed abstract
semantics of Adje et al. [1] (based on Shor's semi-definite relaxation schema).
This analysis can, for instance, be used to verify linear recursive filters and
numerical integration schemes. In the conference article that appears in the
proceedings of the Seventeenth International Static Analysis Symposium (SAS
2010) we report on experimental results that were obtained through our
proof-of-concept implementation.

For future work, we are interested in studying the use of other convex
relaxation schemes to deal with more sophisticated problem already posed
by Adje et al. [1]. This would partially abolish the restriction to affine
assignments and quadratic guards. Currently, we apply our ∨-strategy improvement
algorithm only to numerical static analysis of programs. It remains to investigate
how far the ∨-strategy improvement algorithm we developed can be applied
to other applications, maybe in other fields of computer science. Since our
methods solve quite general fixpoint problems, we have some hope that
this is the case. Natural candidates could perhaps be found in the context of
two-player zero-sum games.